OpenVAS Libraries  9.0.3
nasl_builtin_find_service.c
1 /*
2  * Find service
3  *
4  * Copyright (C) 2002 Renaud Deraison <deraison@cvs.nessus.org>
5  *
6  * This program is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License version 2,
8  * as published by the Free Software Foundation.
9  *
10  * This program is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13  * GNU General Public License for more details.
14  *
15  * You should have received a copy of the GNU General Public License
16  * along with this program; if not, write to the Free Software
17  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
18  */
19 #define SMART_TCP_RW
20 /* #define DEBUG */
21 
22 #include <stdio.h> /* for snprintf() */
23 #include <string.h> /* for strstr() */
24 #include <stdlib.h> /* for atoi() */
25 #include <errno.h> /* for errno() */
26 #include <signal.h> /* for signal() */
27 #include <ctype.h> /* for tolower() */
28 #include <sys/time.h> /* for gettimeofday() */
29 #include <sys/types.h> /* for waitpid() */
30 #include <sys/wait.h> /* for waitpid() */
31 #include <unistd.h> /* for usleep() */
32 
33 
34 #include "../misc/arglists.h" /* for struct arglist */
35 #include "../misc/network.h" /* for get_encaps_through */
36 #include "../misc/plugutils.h" /* for OPENVAS_ENCAPS_IP */
37 #include "../base/nvticache.h"
38 
39 #include "nasl_lex_ctxt.h"
40 
41 #include <glib.h>
42 
/*
 * Label strings for scanner settings.  Nothing in this part of the file
 * reads them.
 * NOTE(review): the trailing " : " and the *_PREF suffix suggest these are
 * plugin preference names -- confirm against the code that looks them up.
 * NOTE(review): KEY_FILE and PEM_PASS name secret material (private key
 * path, PEM passphrase); check that the values fetched under these labels
 * are never written to logs or to the knowledge base.
 */
#define CERT_FILE "SSL certificate : "
#define KEY_FILE "SSL private key : "
#define PEM_PASS "PEM password : "
#define CA_FILE "CA file : "
#define CNX_TIMEOUT_PREF "Network connection timeout : "
#define RW_TIMEOUT_PREF "Network read/write timeout : "
#define WRAP_TIMEOUT_PREF "Wrapped service read timeout : "
#define TEST_SSL_PREF "Test SSL based services"


#define NUM_CHILDREN "Number of connections done in parallel : "

/* Passed as the first argument of every post_log()/post_alarm() call in this
 * file.  It has external linkage and is not assigned in the code shown here. */
const char *oid;
56 
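/**
 * @brief Record in the knowledge base that a service was identified on a port.
 *
 * Two entries are written: "Services/<proto>" carrying the port number, and
 * "Known/tcp/<port>" carrying the protocol name.
 *
 * The arguments are validated in every build.  Without the check a NULL
 * @p proto reaches the "%s" conversion (undefined behaviour) and an
 * over-long @p proto silently truncates the key, so a different key than
 * intended would be written.
 *
 * @param desc  Plugin argument list handed to plug_set_key()/plug_replace_key().
 * @param port  TCP port the service answered on; negative values are rejected.
 * @param proto Service name; must be non-empty and fit into the key buffer.
 */
static void register_service(struct arglist *desc, int port, const char *proto)
{
    char k[96];
    size_t proto_len;

    /* "Services/" plus the terminating NUL occupy 10 bytes of k. */
    proto_len = (proto != NULL) ? strlen(proto) : 0;
    if (port < 0 || proto_len == 0 || proto_len > sizeof(k) - 10) {
        g_warning("find_service->register_service: invalid value - port=%d, proto=%s",
                  port, proto == NULL ? "(null)" : proto);
        return;
    }

    /* Old "magical" key set */
    snprintf(k, sizeof(k), "Services/%s", proto);
    /* Do NOT use plug_replace_key! */
    plug_set_key(desc, k, ARG_INT, GSIZE_TO_POINTER(port));

    /*
     * 2002-08-24 - MA - second key set.  If register_service is called twice
     * for one port (e.g. first HTTP, then SWAT), plug_get_key would fork.
     * Registering a boolean ("known") would avoid that, but some scripts
     * need the protocol name.
     *
     * 2005-06-01 - MA - plug_replace_key removes the fork problem: the last
     * identification for a port overwrites the earlier one.
     */
    snprintf(k, sizeof(k), "Known/tcp/%d", port);
    plug_replace_key(desc, k, ARG_STRING, (char *) proto);
}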
93 
/**
 * @brief Register a chargen service on @p port and log the finding.
 *
 * @param desc Plugin argument list passed on to register_service() and post_log().
 * @param port TCP port the service answered on.
 */
static void mark_chargen_server(struct arglist *desc, int port)
{
    static const char service[] = "chargen";

    register_service(desc, port, service);
    post_log(oid, desc, port, "Chargen is running on this port");
}
100 
/**
 * @brief Register an echo service on @p port and log the finding.
 *
 * @param desc Plugin argument list passed on to register_service() and post_log().
 * @param port TCP port the service answered on.
 */
void mark_echo_server(struct arglist *desc, int port)
{
    static const char service[] = "echo";

    register_service(desc, port, service);
    post_log(oid, desc, port, "An echo server is running on this port");
}
107 
/**
 * @brief Register an RPC-over-HTTP endpoint and store its banner.
 *
 * Port 593 is registered as "http-rpc-epmap"; every other port as
 * "ncacn_http".  The banner is stored under "<service>/banner/<port>".
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param buffer Banner stored as-is in the knowledge base.
 *               NOTE(review): presumably bytes read from the probed host --
 *               consumers of the key should treat it as untrusted.
 */
void mark_ncacn_http_server(struct arglist *desc, int port, char *buffer)
{
    char key[256];

    if (port != 593) {
        register_service(desc, port, "ncacn_http");
        snprintf(key, sizeof(key), "ncacn_http/banner/%d", port);
        plug_replace_key(desc, key, ARG_STRING, buffer);
        return;
    }

    register_service(desc, port, "http-rpc-epmap");
    snprintf(key, sizeof(key), "http-rpc-epmap/banner/%d", port);
    plug_replace_key(desc, key, ARG_STRING, buffer);
}
125 
/**
 * @brief Register a VNC service and store its banner under "vnc/banner/<port>".
 *
 * No log entry is posted by this function.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param buffer Banner stored as-is in the knowledge base.
 */
void mark_vnc_server(struct arglist *desc, int port, char *buffer)
{
    char key[512];

    register_service(desc, port, "vnc");
    snprintf(key, sizeof(key), "vnc/banner/%d", port);
    plug_replace_key(desc, key, ARG_STRING, buffer);
}
134 
/**
 * @brief Register an NNTP service, store its banner and log the finding.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param buffer Banner stored under "nntp/banner/<port>".
 * @param trp    Passed to get_encaps_through(); the returned text is appended
 *               to the log message.
 */
void mark_nntp_server(struct arglist *desc, int port, char *buffer, int trp)
{
    char text[512];   /* first the KB key, then the log message */

    register_service(desc, port, "nntp");

    snprintf(text, sizeof(text), "nntp/banner/%d", port);
    plug_replace_key(desc, text, ARG_STRING, buffer);

    snprintf(text, sizeof(text), "An NNTP server is running on this port%s",
             get_encaps_through(trp));
    post_log(oid, desc, port, text);
}
146 
147 
/**
 * @brief Register a SWAT service on @p port.
 *
 * Only the service registration is done: no banner is stored, nothing is logged.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param buffer Unused.
 */
void mark_swat_server(struct arglist *desc, int port, unsigned char *buffer)
{
    static const char service[] = "swat";

    register_service(desc, port, service);
}
153 
/**
 * @brief Register a vqServer administration service on @p port.
 *
 * Only the service registration is done: no banner is stored, nothing is logged.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param buffer Unused.
 */
void mark_vqserver(struct arglist *desc, int port, unsigned char *buffer)
{
    static const char service[] = "vqServer-admin";

    register_service(desc, port, service);
}
159 
160 
/**
 * @brief Register an mldonkey service on @p port and log the finding.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param buffer Unused.
 */
void mark_mldonkey(struct arglist *desc, int port, unsigned char *buffer)
{
    char msg[512];

    register_service(desc, port, "mldonkey");

    /* The message has no conversions; it is only copied into msg. */
    snprintf(msg, sizeof(msg), "A mldonkey server is running on this port");
    post_log(oid, desc, port, msg);
}
169 
170 
171 
/**
 * @brief Register a web server, store its banner and log the finding.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param buffer Banner stored under "www/banner/<port>".
 *               NOTE(review): presumably the raw response of the probed
 *               host -- anything reading this key should treat it as
 *               untrusted input.
 * @param trp    Passed to get_encaps_through(); the returned text is appended
 *               to the log message.
 */
void mark_http_server(struct arglist *desc, int port, unsigned char *buffer,
                      int trp)
{
    char text[512];   /* first the KB key, then the log message */

    register_service(desc, port, "www");

    snprintf(text, sizeof(text), "www/banner/%d", port);
    plug_replace_key(desc, text, ARG_STRING, buffer);

    snprintf(text, sizeof(text), "A web server is running on this port%s",
             get_encaps_through(trp));
    post_log(oid, desc, port, text);
}
184 
185 
/**
 * @brief Register a locked AdSubtract server, store its banner and log it.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param buffer Banner stored under "AdSubtract/banner/<port>".
 * @param trp    Passed to get_encaps_through(); the returned text is appended
 *               to the log message.
 */
void mark_locked_adsubtract_server(struct arglist *desc, int port,
                                   unsigned char *buffer, int trp)
{
    char text[512];   /* first the KB key, then the log message */

    register_service(desc, port, "AdSubtract");

    snprintf(text, sizeof(text), "AdSubtract/banner/%d", port);
    plug_replace_key(desc, text, ARG_STRING, buffer);

    snprintf(text, sizeof(text),
             "A (locked) AdSubtract server is running on this port%s",
             get_encaps_through(trp));
    post_log(oid, desc, port, text);
}
199 
/**
 * @brief Register a gopher service on @p port and log the finding.
 *
 * @param desc Plugin argument list.
 * @param port TCP port the service answered on.
 */
static void mark_gopher_server(struct arglist *desc, int port)
{
    static const char service[] = "gopher";

    register_service(desc, port, service);
    post_log(oid, desc, port, "A gopher server is running on this port");
}
206 
#if 0
/**
 * @brief (Compiled out) Register a Gnutella servent and log the finding.
 *
 * The banner is stored under "www/banner/<port>", not under a
 * gnutella-specific key.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param buffer Banner stored in the knowledge base.
 * @param trp    Passed to get_encaps_through(); the returned text is appended
 *               to the log message.
 */
static void mark_gnutella_servent(struct arglist *desc, int port, char *buffer, int trp)
{
    char text[256];   /* first the KB key, then the log message */

    register_service(desc, port, "gnutella");

    snprintf(text, sizeof(text), "www/banner/%d", port);
    plug_replace_key(desc, text, ARG_STRING, buffer);

    snprintf(text, sizeof(text), "A Gnutella servent is running on this port%s",
             get_encaps_through(trp));
    post_log(oid, desc, port, text);
}
#endif
221 
/**
 * @brief Register a RealMedia server, store its banner and log the finding.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param buffer Banner stored under "realserver/banner/<port>".
 * @param trp    Passed to get_encaps_through(); the returned text is appended
 *               to the log message.
 */
void mark_rmserver(struct arglist *desc, int port, char *buffer, int trp)
{
    char text[512];   /* first the KB key, then the log message */

    register_service(desc, port, "realserver");

    snprintf(text, sizeof(text), "realserver/banner/%d", port);
    plug_replace_key(desc, text, ARG_STRING, buffer);

    snprintf(text, sizeof(text), "A RealMedia server is running on this port%s",
             get_encaps_through(trp));
    post_log(oid, desc, port, text);
}
234 
/**
 * @brief Register an SMTP server, store its banner and log its first line.
 *
 * The whole banner is stored under "smtp/banner/<port>"; "smtp/postfix" is
 * set to 1 when the banner contains " postfix".  Afterwards @p buffer is cut
 * at its first newline IN PLACE, so the caller sees the shortened string.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param buffer NUL-terminated banner; must not be NULL (it is passed to
 *               strstr()/strlen() unchecked).  It ends up in the log report.
 *               NOTE(review): presumably text sent by the remote host, so the
 *               report carries attacker-chosen bytes up to the first newline.
 * @param trp    Passed to get_encaps_through(); the returned text is appended
 *               to the log message.
 */
void mark_smtp_server(struct arglist *desc, int port, char *buffer, int trp)
{
    char key[512];
    char *msg;
    char *eol;

    register_service(desc, port, "smtp");
    snprintf(key, sizeof(key), "smtp/banner/%d", port);
    plug_replace_key(desc, key, ARG_STRING, buffer);

    if (strstr(buffer, " postfix") != NULL)
        plug_replace_key(desc, "smtp/postfix", ARG_INT, (void *) 1);

    /* Sized from the full banner, i.e. before it is shortened below. */
    msg = g_malloc0(255 + strlen(buffer));

    eol = strchr(buffer, '\n');
    if (eol != NULL)
        *eol = '\0';

    /* The bound uses the shortened length, so it never exceeds the allocation. */
    snprintf(msg, 255 + strlen(buffer),
             "An SMTP server is running on this port%s\n"
             "Here is its banner : \n%s",
             get_encaps_through(trp), buffer);
    post_log(oid, desc, port, msg);
    g_free(msg);
}
258 
/**
 * @brief Register an SNPP server, store its banner and log its first line.
 *
 * The whole banner is stored under "snpp/banner/<port>".  Afterwards
 * @p buffer is cut at its first newline IN PLACE, so the caller sees the
 * shortened string.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param buffer NUL-terminated banner; must not be NULL (passed to strlen()
 *               unchecked).  Its first line is copied into the log report.
 * @param trp    Passed to get_encaps_through(); the returned text is appended
 *               to the log message.
 */
void mark_snpp_server(struct arglist *desc, int port, char *buffer, int trp)
{
    char key[512];
    char *msg;
    char *eol;

    register_service(desc, port, "snpp");
    snprintf(key, sizeof(key), "snpp/banner/%d", port);
    plug_replace_key(desc, key, ARG_STRING, buffer);

    /* Sized from the full banner, i.e. before it is shortened below. */
    msg = g_malloc0(255 + strlen(buffer));

    eol = strchr(buffer, '\n');
    if (eol != NULL)
        eol[0] = '\0';

    /* The bound uses the shortened length, so it never exceeds the allocation. */
    snprintf(msg, 255 + strlen(buffer),
             "An SNPP server is running on this port%s\n"
             "Here is its banner : \n%s",
             get_encaps_through(trp), buffer);
    post_log(oid, desc, port, msg);
    g_free(msg);
}
277 
/**
 * @brief Register an FTP server and log it, with the banner when one is given.
 *
 * With a non-NULL @p buffer the whole banner is stored under
 * "ftp/banner/<port>", then @p buffer is cut at its first newline IN PLACE
 * and that first line is included in the log report.  With a NULL
 * @p buffer only the plain message is logged.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param buffer NUL-terminated banner, or NULL.
 * @param trp    Passed to get_encaps_through(); the returned text is appended
 *               to the log message.
 */
void mark_ftp_server(struct arglist *desc, int port, char *buffer, int trp)
{
    char key[255];
    char plain[255];
    char *msg;
    char *eol;

    register_service(desc, port, "ftp");

    if (buffer == NULL) {
        snprintf(plain, sizeof(plain),
                 "An FTP server is running on this port%s.",
                 get_encaps_through(trp));
        post_log(oid, desc, port, plain);
        return;
    }

    snprintf(key, sizeof(key), "ftp/banner/%d", port);
    plug_replace_key(desc, key, ARG_STRING, buffer);

    /* Sized from the full banner, i.e. before it is shortened below. */
    msg = g_malloc0(255 + strlen(buffer));

    eol = strchr(buffer, '\n');
    if (eol != NULL)
        *eol = '\0';

    /* The bound uses the shortened length, so it never exceeds the allocation. */
    snprintf(msg, 255 + strlen(buffer),
             "An FTP server is running on this port%s.\n"
             "Here is its banner : \n%s",
             get_encaps_through(trp), buffer);
    post_log(oid, desc, port, msg);
    g_free(msg);
}
311 
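/**
 * @brief Register an SSH server, strip trailing line ends from its banner
 *        and log the finding.
 *
 * Trailing '\n' and '\r' characters are removed from @p buffer in place.
 * The length is tracked explicitly: indexing with strlen(buffer) - 1 on an
 * empty string (or on a banner made only of line ends, once it has been
 * emptied) wraps around and touches memory outside the buffer.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param buffer NUL-terminated banner, modified in place; NULL is tolerated
 *               and skips the trimming.
 */
void mark_ssh_server(struct arglist *desc, int port, char *buffer)
{
    size_t len;

    register_service(desc, port, "ssh");

    if (buffer != NULL) {
        len = strlen(buffer);
        /* Stop at len == 0 so that buffer[len - 1] is never evaluated. */
        while (len > 0 && (buffer[len - 1] == '\n' || buffer[len - 1] == '\r'))
            buffer[--len] = '\0';
    }

    post_log(oid, desc, port, "An ssh server is running on this port");
}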
321 
/**
 * @brief Register an HTTP proxy on @p port and log the finding.
 *
 * No banner key is written here; per the original note the banner is kept
 * under www/banner/<port>.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param buffer Unused.
 * @param trp    Passed to get_encaps_through(); the returned text is appended
 *               to the log message.
 */
void mark_http_proxy(struct arglist *desc, int port, unsigned char *buffer, int trp)
{
    char msg[512];

    /* the banner is in www/banner/port */
    register_service(desc, port, "http_proxy");

    snprintf(msg, sizeof(msg), "An HTTP proxy is running on this port%s",
             get_encaps_through(trp));
    post_log(oid, desc, port, msg);
}
332 
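/**
 * @brief Classify a POP banner as pop1, pop2 or pop3, register the service
 *        and store the banner.
 *
 * @p buffer is cut at its first newline IN PLACE.  A lower-cased copy is
 * compared: exactly "+ok" means pop1 (nothing is logged for it), a banner
 * containing "pop2" means pop2, anything else is pop3.  The banner is stored
 * under "<service>/banner/<port>".
 *
 * Each byte is converted to unsigned char before tolower(): passing a
 * negative char value (any byte >= 0x80 where char is signed) is undefined
 * behaviour.  The copy is walked with a pointer instead of calling strlen()
 * on every iteration.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param buffer NUL-terminated banner; must not be NULL.
 */
void mark_pop_server(struct arglist *desc, int port, char *buffer)
{
    char key[512];
    char *lowered;
    char *p;
    char *eol = strchr(buffer, '\n');

    if (eol != NULL)
        *eol = '\0';

    lowered = g_strdup(buffer);
    for (p = lowered; *p != '\0'; p++)
        *p = (char) tolower((unsigned char) *p);

    if (strcmp(lowered, "+ok") == 0) {
        register_service(desc, port, "pop1");
        snprintf(key, sizeof(key), "pop1/banner/%d", port);
        plug_replace_key(desc, key, ARG_STRING, buffer);
    } else if (strstr(lowered, "pop2") != NULL) {
        register_service(desc, port, "pop2");
        snprintf(key, sizeof(key), "pop2/banner/%d", port);
        plug_replace_key(desc, key, ARG_STRING, buffer);
        post_log(oid, desc, port, "a pop2 server is running on this port");
    } else {
        register_service(desc, port, "pop3");
        snprintf(key, sizeof(key), "pop3/banner/%d", port);
        plug_replace_key(desc, key, ARG_STRING, buffer);
        post_log(oid, desc, port, "A pop3 server is running on this port");
    }

    g_free(lowered);
}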
367 
/**
 * @brief Register an IMAP server, store its banner and log the finding.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param buffer Banner stored under "imap/banner/<port>".
 * @param trp    Passed to get_encaps_through(); the returned text is appended
 *               to the log message.
 */
void mark_imap_server(struct arglist *desc, int port, char *buffer, int trp)
{
    char text[512];   /* first the KB key, then the log message */

    register_service(desc, port, "imap");

    snprintf(text, sizeof(text), "imap/banner/%d", port);
    plug_replace_key(desc, text, ARG_STRING, buffer);

    snprintf(text, sizeof(text), "An IMAP server is running on this port%s",
             get_encaps_through(trp));
    post_log(oid, desc, port, text);
}
381 
/**
 * @brief Register an identd ("auth") service on @p port and log the finding.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param buffer Unused.
 */
void mark_auth_server(struct arglist *desc, int port, char *buffer)
{
    static const char service[] = "auth";

    register_service(desc, port, service);
    post_log(oid, desc, port, "An identd server is running on this port");
}
388 
389 
390 /*
391  * Postgres, MySQL & CVS pserver detection by Vincent Renardias
392  * <vincent@strongholdnet.com>
393  */
/**
 * @brief Register a PostgreSQL server on @p port and log the finding.
 *
 * The log entry is posted for every port; a check for the default port
 * (5432) is left commented out in the original.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param buffer Unused.
 */
void mark_postgresql(struct arglist *desc, int port, char *buffer)
{
    static const char service[] = "postgresql";

    register_service(desc, port, service);
    /* if (port != 5432) */
    post_log(oid, desc, port, "A PostgreSQL server is running on this port");
}
401 
/**
 * @brief Register a MySQL server on @p port and log the finding.
 *
 * The log entry is posted for every port; a check for the default port
 * (3306) is left commented out in the original.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param buffer Unused.
 */
void mark_mysql(struct arglist *desc, int port, char *buffer)
{
    static const char service[] = "mysql";

    register_service(desc, port, service);
    /* if (port != 3306) */
    post_log(oid, desc, port, "A MySQL server is running on this port");
}
409 
/**
 * @brief Register a CVS pserver on @p port and log the finding.
 *
 * The log entry is posted for every port; a check for the default port
 * (2401) is left commented out in the original.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param buffer Unused.
 * @param trp    Unused.
 */
void mark_cvspserver(struct arglist *desc, int port, char *buffer, int trp)
{
    static const char service[] = "cvspserver";

    register_service(desc, port, service);
    /* if (port != 2401) */
    post_log(oid, desc, port, "A CVS pserver server is running on this port");
}
417 
418 
/**
 * @brief Register a CVSup server on @p port and log the finding.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param buffer Unused.
 * @param trp    Unused.
 */
void mark_cvsupserver(struct arglist *desc, int port, char *buffer, int trp)
{
    static const char service[] = "cvsup";

    register_service(desc, port, service);
    post_log(oid, desc, port, "A CVSup server is running on this port");
}
425 
426 
/**
 * @brief Register a CVSLock server on @p port and log the finding.
 *
 * The log entry is posted for every port; a port check is left commented
 * out in the original.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param buffer Unused.
 * @param trp    Unused.
 */
void mark_cvslockserver(struct arglist *desc, int port, char *buffer, int trp)
{
    static const char service[] = "cvslockserver";

    register_service(desc, port, service);
    /* if (port != 2401) */
    post_log(oid, desc, port, "A CVSLock server server is running on this port");
}
434 
/**
 * @brief Register an rsync server on @p port and log the finding.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param buffer Unused.
 * @param trp    Unused.
 */
void mark_rsync(struct arglist *desc, int port, char *buffer, int trp)
{
    static const char service[] = "rsync";

    register_service(desc, port, service);
    post_log(oid, desc, port, "A rsync server is running on this port");
}
441 
442 
/**
 * @brief Register an unauthenticated shell on @p port and raise an alarm.
 *
 * Unlike most detections in this file the finding goes through post_alarm(),
 * not post_log(): an exposed shell is reported as a possible backdoor.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the shell answered on.
 * @param buffer Unused.
 */
void mark_wild_shell(struct arglist *desc, int port, char *buffer)
{
    static const char service[] = "wild_shell";

    register_service(desc, port, service);
    post_alarm(oid, desc, port,
               "A shell seems to be running on this port ! (this is a possible backdoor)");
}
452 
/**
 * @brief Register a telnet server on @p port and log the finding.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param buffer Unused.
 * @param trp    Passed to get_encaps_through(); the returned text is appended
 *               to the log message.
 */
void mark_telnet_server(struct arglist *desc, int port, char *buffer, int trp)
{
    char msg[255];

    register_service(desc, port, "telnet");

    snprintf(msg, sizeof(msg),
             "A telnet server seems to be running on this port%s",
             get_encaps_through(trp));
    post_log(oid, desc, port, msg);
}
465 
/**
 * @brief Register a Gnome 1.4 server on @p port and log the finding.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param buffer Unused.
 * @param trp    Passed to get_encaps_through(); the returned text is appended
 *               to the log message.
 */
void mark_gnome14_server(struct arglist *desc, int port, char *buffer, int trp)
{
    char msg[255];

    register_service(desc, port, "gnome14");

    snprintf(msg, sizeof(msg),
             "A Gnome 1.4 server seems to be running on this port%s",
             get_encaps_through(trp));
    post_log(oid, desc, port, msg);
}
478 
/**
 * @brief Register an eggdrop IRC bot control port and log the finding.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param buffer Unused.
 * @param trp    Passed to get_encaps_through(); the returned text is appended
 *               to the log message.
 */
void mark_eggdrop_server(struct arglist *desc, int port, char *buffer, int trp)
{
    char msg[255];

    register_service(desc, port, "eggdrop");

    snprintf(msg, sizeof(msg),
             "An eggdrop IRC bot seems to be running a control server on this port%s",
             get_encaps_through(trp));
    post_log(oid, desc, port, msg);
}
491 
/**
 * @brief Register a NetBus listener on @p port and raise an alarm.
 *
 * The finding is reported with post_alarm() rather than post_log().
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param buffer Unused.
 */
void mark_netbus_server(struct arglist *desc, int port, char *buffer)
{
    static const char service[] = "netbus";

    register_service(desc, port, service);
    post_alarm(oid, desc, port, "NetBus is running on this port");
}
498 
499 
/**
 * @brief Register a Linuxconf service, store its banner and log the finding.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param buffer Banner stored under "linuxconf/banner/<port>".
 */
void mark_linuxconf(struct arglist *desc, int port, unsigned char *buffer)
{
    char key[512];

    register_service(desc, port, "linuxconf");

    snprintf(key, sizeof(key), "linuxconf/banner/%d", port);
    plug_replace_key(desc, key, ARG_STRING, buffer);

    post_log(oid, desc, port, "Linuxconf is running on this port");
}
509 
/**
 * @brief Register a finger server on @p port and log the finding.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param banner Unused.
 * @param trp    Passed to get_encaps_through(); the returned text is appended
 *               to the log message.
 */
static void mark_finger_server(struct arglist *desc, int port,
                               unsigned char *banner, int trp)
{
    char msg[256];

    register_service(desc, port, "finger");

    snprintf(msg, sizeof(msg),
             "A finger server seems to be running on this port%s",
             get_encaps_through(trp));
    post_log(oid, desc, port, msg);
}
523 
524 
/**
 * @brief Store a VTUN banner, register the service and log the finding.
 *
 * The banner is written to "vtun/banner/<port>" before the service is
 * registered.  The log message includes the banner when one is given; it is
 * formatted into a 255-byte buffer, so a long banner is truncated.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param banner Banner text, or NULL.
 *               NOTE(review): plug_replace_key() is called before the NULL
 *               test, so a NULL banner reaches it -- confirm it accepts NULL.
 * @param trp    Passed to get_encaps_through(); the returned text is appended
 *               to the log message.
 */
static void mark_vtun_server(struct arglist *desc, int port,
                             unsigned char *banner, int trp)
{
    char text[255];   /* first the KB key, then the log message */

    snprintf(text, sizeof(text), "vtun/banner/%d", port);
    plug_replace_key(desc, text, ARG_STRING, (char *) banner);

    register_service(desc, port, "vtun");

    if (banner != NULL) {
        snprintf(text, sizeof(text),
                 "A VTUN server seems to be running on this port%s\n"
                 "Here is its banner:\n%s\n", get_encaps_through(trp), banner);
    } else {
        snprintf(text, sizeof(text),
                 "A VTUN server seems to be running on this port%s",
                 get_encaps_through(trp));
    }

    post_log(oid, desc, port, text);
}
549 
/**
 * @brief Store a UUCP banner, register the service and log the finding.
 *
 * The banner is written to "uucp/banner/<port>" before the service is
 * registered.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param banner Banner stored in the knowledge base.
 * @param trp    Passed to get_encaps_through(); the returned text is appended
 *               to the log message.
 */
static void mark_uucp_server(struct arglist *desc, int port,
                             unsigned char *banner, int trp)
{
    char text[255];   /* first the KB key, then the log message */

    snprintf(text, sizeof(text), "uucp/banner/%d", port);
    plug_replace_key(desc, text, ARG_STRING, (char *) banner);

    register_service(desc, port, "uucp");

    snprintf(text, sizeof(text),
             "An UUCP server seems to be running on this port%s",
             get_encaps_through(trp));
    post_log(oid, desc, port, text);
}
566 
567 
/**
 * @brief Register an LPD server on @p port and log the finding.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param banner Unused.
 * @param trp    Passed to get_encaps_through(); the returned text is appended
 *               to the log message.
 */
static void mark_lpd_server(struct arglist *desc, int port, unsigned char *banner, int trp)
{
    char msg[255];

    register_service(desc, port, "lpd");

    snprintf(msg, sizeof(msg),
             "A LPD server seems to be running on this port%s",
             get_encaps_through(trp));
    post_log(oid, desc, port, msg);
}
579 
580 
581 /* http://www.lysator.liu.se/lyskom/lyskom-server/ */
/**
 * @brief Register a LysKOM server on @p port and log the finding.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param banner Unused.
 * @param trp    Passed to get_encaps_through(); the returned text is appended
 *               to the log message.
 */
static void mark_lyskom_server(struct arglist *desc, int port,
                               unsigned char *banner, int trp)
{
    char msg[255];

    register_service(desc, port, "lyskom");

    snprintf(msg, sizeof(msg),
             "A LysKOM server seems to be running on this port%s",
             get_encaps_through(trp));
    post_log(oid, desc, port, msg);
}
594 
595 /* http://www.emailman.com/ph/ */
/**
 * @brief Register a PH server on @p port and log the finding.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param banner Unused.
 * @param trp    Passed to get_encaps_through(); the returned text is appended
 *               to the log message.
 */
static void mark_ph_server(struct arglist *desc, int port, unsigned char *banner, int trp)
{
    char msg[255];

    register_service(desc, port, "ph");

    snprintf(msg, sizeof(msg),
             "A PH server seems to be running on this port%s",
             get_encaps_through(trp));
    post_log(oid, desc, port, msg);
}
607 
/**
 * @brief Register a time server on @p port and log the finding.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param banner Unused.
 * @param trp    Passed to get_encaps_through(); the returned text is appended
 *               to the log message.
 */
static void mark_time_server(struct arglist *desc, int port, unsigned char *banner, int trp)
{
    char msg[256];

    register_service(desc, port, "time");

    snprintf(msg, sizeof(msg),
             "A time server seems to be running on this port%s",
             get_encaps_through(trp));
    post_log(oid, desc, port, msg);
}
619 
620 
/**
 * @brief Register an iPlanet Event Notification Server and log the finding.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param banner Unused.
 * @param trp    Passed to get_encaps_through(); the returned text is appended
 *               to the log message.
 */
static void mark_ens_server(struct arglist *desc, int port, char *banner, int trp)
{
    char msg[255];

    register_service(desc, port, "iPlanetENS");

    snprintf(msg, sizeof(msg),
             "An iPlanet ENS (Event Notification Server) seems to be running on this port%s",
             get_encaps_through(trp));
    post_log(oid, desc, port, msg);
}
632 
/**
 * @brief Register a Citrix server on @p port and log the finding.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param banner Unused.
 * @param trp    Passed to get_encaps_through(); the returned text is appended
 *               to the log message.
 */
static void mark_citrix_server(struct arglist *desc, int port, const char *banner, int trp)
{
    char msg[255];

    register_service(desc, port, "citrix");

    snprintf(msg, sizeof(msg),
             "a Citrix server seems to be running on this port%s",
             get_encaps_through(trp));
    post_log(oid, desc, port, msg);
}
644 
/**
 * @brief Register a GIOP-enabled service on @p port and log the finding.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param banner Unused.
 * @param trp    Passed to get_encaps_through(); the returned text is appended
 *               to the log message.
 */
static void mark_giop_server(struct arglist *desc, int port, const char *banner, int trp)
{
    char msg[255];

    register_service(desc, port, "giop");

    snprintf(msg, sizeof(msg),
             "A GIOP-enabled service is running on this port%s",
             get_encaps_through(trp));
    post_log(oid, desc, port, msg);
}
657 
/**
 * @brief Register a Microsoft Exchange routing server, store its banner and
 *        log the finding.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param buffer Banner stored under "exchg-routing/banner/<port>".
 * @param trp    Passed to get_encaps_through(); the returned text is appended
 *               to the log message.
 */
static void mark_exchg_routing_server(struct arglist *desc, int port,
                                      char *buffer, int trp)
{
    char text[255];   /* first the KB key, then the log message */

    register_service(desc, port, "exchg-routing");

    snprintf(text, sizeof(text), "exchg-routing/banner/%d", port);
    plug_replace_key(desc, text, ARG_STRING, buffer);

    snprintf(text, sizeof(text),
             "A Microsoft Exchange routing server is running on this port%s",
             get_encaps_through(trp));
    post_log(oid, desc, port, text);
}
674 
675 
/**
 * @brief Register a tcpmux server on @p port and log the finding.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param buffer Unused.
 * @param trp    Passed to get_encaps_through(); the returned text is appended
 *               to the log message.
 */
static void mark_tcpmux_server(struct arglist *desc, int port, char *buffer, int trp)
{
    char report[255];

    register_service(desc, port, "tcpmux");

    snprintf(report, sizeof(report),
             "A tcpmux server seems to be running on this port%s",
             get_encaps_through(trp));
    post_log(oid, desc, port, report);
}
687 
688 
/**
 * @brief Register a BitTorrent server on @p port and log the finding.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param buffer Unused.
 * @param trp    Passed to get_encaps_through(); the returned text is appended
 *               to the log message.
 */
static void mark_BitTorrent_server(struct arglist *desc, int port, unsigned char *buffer, int trp)
{
    char report[255];

    register_service(desc, port, "BitTorrent");

    snprintf(report, sizeof(report),
             "A BitTorrent server seems to be running on this port%s",
             get_encaps_through(trp));
    post_log(oid, desc, port, report);
}
700 
/**
 * @brief Register an SNMP multiplexer (smux) on @p port and log the finding.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param buffer Unused.
 * @param trp    Passed to get_encaps_through(); the returned text is appended
 *               to the log message.
 */
static void mark_smux_server(struct arglist *desc, int port,
                             unsigned char *buffer, int trp)
{
    char report[255];

    register_service(desc, port, "smux");

    snprintf(report, sizeof(report),
             "A SNMP Multiplexer (smux) seems to be running on this port%s",
             get_encaps_through(trp));
    post_log(oid, desc, port, report);
}
713 
714 
715 /*
716  * LISa is the LAN Information Server that comes
717  * with KDE in Mandrake Linux 9.0. Apparently
718  * it usually runs on port 7741.
719  */
/**
 * @brief Register a LISa daemon on @p port and log the finding.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param banner Unused.
 * @param trp    Passed to get_encaps_through(); the returned text is appended
 *               to the log message.
 */
static void mark_LISa_server(struct arglist *desc, int port,
                             unsigned char *banner, int trp)
{
    char msg[255];

    register_service(desc, port, "LISa");

    snprintf(msg, sizeof(msg), "A LISa daemon is running on this port%s",
             get_encaps_through(trp));
    post_log(oid, desc, port, msg);
}
732 
733 
734 /*
735  * msdtc is Microsoft Distributed Transaction Coordinator
736  *
737  * Thanks to jtant@shardwebdesigns.com for reporting it
738  *
739  */
/**
 * @brief Register an MSDTC server on @p port and log the finding.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param buffer Unused.
 */
static void mark_msdtc_server(struct arglist *desc, int port, unsigned char *buffer)
{
    static const char service[] = "msdtc";

    register_service(desc, port, service);
    post_log(oid, desc, port, "A MSDTC server is running on this port");
}
746 
/**
 * @brief Register a pop3pw server, store its banner and log the finding.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param buffer Banner stored under "pop3pw/banner/<port>".
 * @param trp    Passed to get_encaps_through(); the returned text is appended
 *               to the log message.
 */
static void mark_pop3pw_server(struct arglist *desc, int port, char *buffer, int trp)
{
    char text[512];   /* first the KB key, then the log message */

    register_service(desc, port, "pop3pw");

    snprintf(text, sizeof(text), "pop3pw/banner/%d", port);
    plug_replace_key(desc, text, ARG_STRING, buffer);

    snprintf(text, sizeof(text), "A pop3pw server is running on this port%s",
             get_encaps_through(trp));
    post_log(oid, desc, port, text);
}
758 
759 /*
760  * whois++ server, thanks to Adam Stephens - http://roads.sourceforge.net/index.php
761  *
762  * 00: 25 20 32 32 30 20 4c 55 54 20 57 48 4f 49 53 2b % 220 LUT WHOIS+
763  * 10: 2b 20 73 65 72 76 65 72 20 76 32 2e 31 20 72 65 + server v2.1 re
764  * 20: 61 64 79 2e 20 20 48 69 21 0d 0a 25 20 32 30 30 ady. Hi!..% 200
765  * 30: 20 53 65 61 72 63 68 69 6e 67 20 66 6f 72 20 47 Searching for G
766  * 40: 45 54 26 2f 26 48 54 54 50 2f 31 2e 30 0d 0a 25 ET&/&HTTP/1.0..%
767  * 50: 20 35 30 30 20 45 72 72 6f 72 20 70 61 72 73 69 500 Error parsi
768  * 60: 6e 67 20 42 6f 6f 6c 65 61 6e 20 65 78 70 72 65 ng Boolean expre
769  * 70: 73 73 69 6f 6e 0d 0a ssion..
770  */
771 
/**
 * @brief Register a whois++ server, store its banner and log the finding.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param buffer Banner stored under "whois++/banner/<port>".
 * @param trp    Passed to get_encaps_through(); the returned text is appended
 *               to the log message.
 */
static void mark_whois_plus2_server(struct arglist *desc, int port, char *buffer, int trp)
{
    char text[255];   /* first the KB key, then the log message */

    register_service(desc, port, "whois++");

    snprintf(text, sizeof(text), "whois++/banner/%d", port);
    plug_replace_key(desc, text, ARG_STRING, buffer);

    snprintf(text, sizeof(text), "A whois++ server is running on this port%s",
             get_encaps_through(trp));
    post_log(oid, desc, port, text);
}
783 
784 /*
785  * mon server, thanks to Rafe Oxley <rafe.oxley@moving-edge.net>
786  * (http://www.kernel.org/software/mon/)
787  *
788  * An unknown server is running on this port. If you know what it is, please
789  * send this banner to the Nessus team: 00: 35 32 30 20 63 6f 6d 6d 61 6e 64
790  * 20 63 6f 75 6c 520 command coul 10: 64 20 6e 6f 74 20 62 65 20 65 78 65 63
791  * 75 74 65 d not be execute 20: 64 0a d.
792  */
/**
 * @brief Register a mon server, store its banner and log the finding.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param buffer Banner stored under "mon/banner/<port>".
 * @param trp    Passed to get_encaps_through(); the returned text is appended
 *               to the log message.
 */
static void mark_mon_server(struct arglist *desc, int port, char *buffer, int trp)
{
    char text[255];   /* first the KB key, then the log message */

    register_service(desc, port, "mon");

    snprintf(text, sizeof(text), "mon/banner/%d", port);
    plug_replace_key(desc, text, ARG_STRING, buffer);

    snprintf(text, sizeof(text), "A mon server is running on this port%s",
             get_encaps_through(trp));
    post_log(oid, desc, port, text);
}
804 
805 
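/**
 * @brief Register a CheckPoint FW1 service, store its banner and log the
 *        finding.
 *
 * The key name is formatted before plug_replace_key() is called.  Previously
 * the key buffer was passed while still uninitialised, so the banner was
 * filed under whatever bytes happened to be on the stack, and the key string
 * was not guaranteed to be NUL-terminated inside the buffer.  The name
 * follows the "<service>/banner/<port>" pattern used by the other detections
 * in this file.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param buffer Banner stored under "cpfw1/banner/<port>".
 * @param trp    Passed to get_encaps_through(); the returned text is appended
 *               to the log message.
 */
static void mark_fw1(struct arglist *desc, int port, char *buffer, int trp)
{
    char ban[255];   /* first the KB key, then the log message */

    register_service(desc, port, "cpfw1");

    snprintf(ban, sizeof(ban), "cpfw1/banner/%d", port);
    plug_replace_key(desc, ban, ARG_STRING, buffer);

    snprintf(ban, sizeof(ban),
             "A CheckPoint FW1 SecureRemote or FW1 FWModule server is running on this port%s",
             get_encaps_through(trp));
    post_log(oid, desc, port, ban);
}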
817 
818 /*
819  * From: Mike Gitarev [mailto:mik@bofh.lv]
820  *
821  * http://www.psychoid.lam3rz.de
822  * 00: 3a 57 65 6c 63 6f 6d 65 21 70 73 79 42 4e 43 40 :Welcome!psyBNC@
823  * 10: 6c 61 6d 33 72 7a 2e 64 65 20 4e 4f 54 49 43 45 lam3rz.de NOTICE
824  * 20: 20 2a 20 3a 70 73 79 42 4e 43 32 2e 33 2e 31 2d * :psyBNC2.3.1-
825  * 30: 37 0d 0a 7..
826  */
827 
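/**
 * @brief Register a PsyBNC IRC proxy, store its banner and log the finding.
 *
 * The key name is formatted before plug_replace_key() is called.  Previously
 * the key buffer was passed while still uninitialised, so the banner was
 * filed under whatever bytes happened to be on the stack, and the key string
 * was not guaranteed to be NUL-terminated inside the buffer.  The name
 * follows the "<service>/banner/<port>" pattern used by the other detections
 * in this file.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param buffer Banner stored under "psybnc/banner/<port>".
 * @param trp    Passed to get_encaps_through(); the returned text is appended
 *               to the log message.
 */
static void mark_psybnc(struct arglist *desc, int port, char *buffer, int trp)
{
    char ban[255];   /* first the KB key, then the log message */

    register_service(desc, port, "psybnc");

    snprintf(ban, sizeof(ban), "psybnc/banner/%d", port);
    plug_replace_key(desc, ban, ARG_STRING, buffer);

    snprintf(ban, sizeof(ban), "A PsyBNC IRC proxy is running on this port%s",
             get_encaps_through(trp));
    post_log(oid, desc, port, ban);
}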
838 
839 /*
840  * From "Russ Paton" <russell.paton@blueyonder.co.uk>
841  *
842  * 00: 49 43 59 20 32 30 30 20 4f 4b 0d 0a 69 63 79 2d ICY 200 OK..icy-
843  * 10: 6e 6f 74 69 63 65 31 3a 3c 42 52 3e 54 68 69 73 notice1:<BR>This
844  * 20: 20 73 74 72 65 61 6d 20 72 65 71 75 69 72 65 73 stream requires
845  */
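/**
 * @brief Register a shoutcast server, store its banner and log the finding.
 *
 * The key name is formatted before plug_replace_key() is called.  Previously
 * the key buffer was passed while still uninitialised, so the banner was
 * filed under whatever bytes happened to be on the stack, and the key string
 * was not guaranteed to be NUL-terminated inside the buffer.  The name
 * follows the "<service>/banner/<port>" pattern used by the other detections
 * in this file.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param buffer Banner stored under "shoutcast/banner/<port>".
 * @param trp    Passed to get_encaps_through(); the returned text is appended
 *               to the log message.
 */
static void mark_shoutcast_server(struct arglist *desc, int port, char *buffer, int trp)
{
    char ban[255];   /* first the KB key, then the log message */

    register_service(desc, port, "shoutcast");

    snprintf(ban, sizeof(ban), "shoutcast/banner/%d", port);
    plug_replace_key(desc, ban, ARG_STRING, buffer);

    snprintf(ban, sizeof(ban), "A shoutcast server is running on this port%s",
             get_encaps_through(trp));
    post_log(oid, desc, port, ban);
}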
856 
857 
858 /*
859  * From "Hendrickson, Chris" <chendric@qssmeds.com>
860  * 00: 41 64 73 47 6f 6e 65 20 42 6c 6f 63 6b 65 64 20 AdsGone Blocked
861  * 10: 48 54 4d 4c 20 41 64 HTML Ad
862  */
863 
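/**
 * @brief Register an AdsGone server, store its banner and log the finding.
 *
 * The key name is formatted before plug_replace_key() is called.  Previously
 * the key buffer was passed while still uninitialised, so the banner was
 * filed under whatever bytes happened to be on the stack, and the key string
 * was not guaranteed to be NUL-terminated inside the buffer.  The name
 * follows the "<service>/banner/<port>" pattern used by the other detections
 * in this file.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param buffer Banner stored under "adsgone/banner/<port>".
 * @param trp    Passed to get_encaps_through(); the returned text is appended
 *               to the log message.
 */
static void mark_adsgone(struct arglist *desc, int port, char *buffer, int trp)
{
    char ban[255];   /* first the KB key, then the log message */

    register_service(desc, port, "adsgone");

    snprintf(ban, sizeof(ban), "adsgone/banner/%d", port);
    plug_replace_key(desc, ban, ARG_STRING, buffer);

    snprintf(ban, sizeof(ban),
             "An AdsGone (a popup banner blocking server) is running on this port%s",
             get_encaps_through(trp));
    post_log(oid, desc, port, ban);
}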
875 
876 
877 
878 /*
879  * Sig from harm vos <h.vos@fwn.rug.nl> :
880  *
881  * 00: 2a 20 41 43 41 50 20 28 49 4d 50 4c 45 4d 45 4e * ACAP (IMPLEMEN 10:
882  * 54 41 54 49 4f 4e 20 22 43 6f 6d 6d 75 6e 69 47 TATION "CommuniG 20: 61
883  * 74 65 20 50 72 6f 20 41 43 41 50 20 34 2e 30 ate Pro ACAP 4.0 30: 62 39
884  * 22 29 20 28 53 54 41 52 54 54 4c 53 29 20 b9") (STARTTLS) 40: 28 53 41
885  * 53 4c 20 22 4c 4f 47 49 4e 22 20 22 50 (SASL "LOGIN" "P 50: 4c 41 49 4e
886  * 22 20 22 43 52 41 4d 2d 4d 44 35 22 LAIN" "CRAM-MD5" 60: 20 22 44 49 47
887  * 45 53 54 2d 4d 44 35 22 20 22 4e "DIGEST-MD5" "N 70: 54 4c 4d 22 29 20
888  * 28 43 4f 4e 54 45 58 54 4c 49 TLM") (CONTEXTLI 80: 4d 49 54 20 22 32 30
889  * 30 22 29 0d 0a MIT "200")..
890  *
891  * The ACAP protocol allows a client (mailer) application to connect to the
892  * Server computer and upload and download the application preferences,
893  * configuration settings and other datasets (such as personal address
894  * books).
895  */
/**
 * @brief Register an ACAP server, store its banner and log the finding.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param buffer Banner stored under "acap/banner/<port>".
 * @param trp    Passed to get_encaps_through(); the returned text is appended
 *               to the log message.
 */
static void mark_acap_server(struct arglist *desc, int port, char *buffer, int trp)
{
    char text[255];   /* first the KB key, then the log message */

    register_service(desc, port, "acap");

    snprintf(text, sizeof(text), "acap/banner/%d", port);
    plug_replace_key(desc, text, ARG_STRING, buffer);

    snprintf(text, sizeof(text), "An ACAP server is running on this port%s",
             get_encaps_through(trp));
    post_log(oid, desc, port, text);
}
909 
910 
911 /*
912  * Sig from Cedric Foll <cedric.foll@ac-rouen.fr>
913  *
914  *
915  * 00: 53 6f 72 72 79 2c 20 79 6f 75 20 28 31 37 32 2e Sorry, you (172. 10: 33
916  * 30 2e 31 39 32 2e 31 30 33 29 20 61 72 65 20 30.192.103)are 20: 6e 6f 74
917  * 20 61 6d 6f 6e 67 20 74 68 65 20 61 6c not among the al 30: 6c 6f 77 65 64
918  * 20 68 6f 73 74 73 2e 2e 2e 0a lowed hosts....
919  *
920  * The ACAP protocol allows a client (mailer) application to connect to the
921  * Server computer and upload and download the application preferences,
922  * configuration settings and other datasets (such as personal address
923  * books).
924  */
/**
 * @brief Register a nagiosd server on @p port and log the finding.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param buffer Unused.
 * @param trp    Passed to get_encaps_through(); the returned text is appended
 *               to the log message.
 */
static void mark_nagiosd_server(struct arglist *desc, int port, char *buffer, int trp)
{
    char msg[255];

    register_service(desc, port, "nagiosd");

    snprintf(msg, sizeof(msg), "A nagiosd server is running on this port%s",
             get_encaps_through(trp));
    post_log(oid, desc, port, msg);
}
935 
936 /*
937  * Sig from Michael Löffler <nimrod@n1mrod.de>
938  *
939  * 00: 5b 54 53 5d 0a 65 72 72 6f 72 0a [TS].error.
940  *
941  * That's Teamspeak2 rc2 Server - http://www.teamspeak.org/
942  */
/**
 * @brief Register a teamspeak2 server on @p port and log the finding.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param buffer Unused.
 * @param trp    Passed to get_encaps_through(); the returned text is appended
 *               to the log message.
 */
static void mark_teamspeak2_server(struct arglist *desc, int port, char *buffer, int trp)
{
    char msg[255];

    register_service(desc, port, "teamspeak2");

    snprintf(msg, sizeof(msg),
             "A teamspeak2 server is running on this port%s",
             get_encaps_through(trp));
    post_log(oid, desc, port, msg);
}
954 
955 
956 /*
957  * Sig from <Gary.Crowell@experian.com>
958  *
959  *
960  *
961  *
962  * 00: 4c 61 6e 67 75 61 67 65 20 72 65 63 65 69 76 65 Language receive 10:
963  * 64 20 66 72 6f 6d 20 63 6c 69 65 6e 74 3a 20 47 d from client: G 20: 45
964  * 54 20 2f 20 48 54 54 50 2f 31 2e 30 0d 0a 53 ET / HTTP/1.0..S 30: 65 74
965  * 6c 6f 63 61 6c 65 3a 20 0a etlocale: .
966  *
967  * Port 9090 is for WEBSM, the GUI SMIT tool that AIX RMC (port 657) is
968  * configured and used with. (AIX Version 5.1)
969  */
/**
 * @brief Register a WEBSM server on @p port and log the finding.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param buffer Unused.
 * @param trp    Passed to get_encaps_through(); the returned text is appended
 *               to the log message.
 */
static void mark_websm_server(struct arglist *desc, int port, char *buffer, int trp)
{
    char msg[255];

    register_service(desc, port, "websm");

    snprintf(msg, sizeof(msg), "A WEBSM server is running on this port%s",
             get_encaps_through(trp));
    post_log(oid, desc, port, msg);
}
980 
981 /*
982  * From Gary Crowell :
983  * 00: 43 4e 46 47 41 50 49 CNFGAPI
984  */
/**
 * @brief Register an OFA/Express server on @p port and log the finding.
 *
 * @param desc   Plugin argument list.
 * @param port   TCP port the service answered on.
 * @param buffer Unused.
 * @param trp    Passed to get_encaps_through(); the returned text is appended
 *               to the log message.
 */
static void mark_ofa_express_server(struct arglist *desc, int port, char *buffer, int trp)
{
    char msg[255];

    register_service(desc, port, "ofa_express");

    snprintf(msg, sizeof(msg),
             "An OFA/Express server is running on this port%s",
             get_encaps_through(trp));
    post_log(oid, desc, port, msg);
}
996 
997 
998 
999 /*
1000  * From Pierre Abbat <phma@webjockey.net>
1001  * 00: 53 75 53 45 20 4d 65 74 61 20 70 70 70 64 20 28 SuSE Meta pppd (
1002  * 10: 73 6d 70 70 70 64 29 2c 20 56 65 72 73 69 6f 6e smpppd), Version
1003  * 20: 20 30 2e 37 38 0d 0a  0.78..
1004  */
/*
 * Record a SuSE Meta pppd server on `port`: register the service as
 * "smppd" and post a log entry suffixed with the result of
 * get_encaps_through (trp).  `buffer` is not read here.
 */
static void
mark_smppd_server (struct arglist *desc, int port, char *buffer, int trp)
{
  char report[255];

  (void) buffer;
  register_service (desc, port, "smppd");
  snprintf (report, sizeof report,
            "A SuSE Meta pppd server is running on this port%s",
            get_encaps_through (trp));
  post_log (oid, desc, port, report);
}
1015 
1016 /*
1017  * From DaLiV <daliv@apollo.lv>
1018  *
1019  * 00: 45 52 52 20 55 4e 4b 4e 4f 57 4e 2d 43 4f 4d 4d ERR UNKNOWN-COMM
1020  * 10: 41 4e 44 0a 45 52 52 20 55 4e 4b 4e 4f 57 4e 2d AND.ERR UNKNOWN-
1021  * 20: 43 4f 4d 4d 41 4e 44 0a COMMAND.
1022  */
/*
 * Record an upsd/upsmon server on `port`: register the service as
 * "upsmon" and post a log entry suffixed with the result of
 * get_encaps_through (trp).  `buffer` is not read here.
 */
static void
mark_upsmon_server (struct arglist *desc, int port, char *buffer, int trp)
{
  char report[255];

  (void) buffer;
  register_service (desc, port, "upsmon");
  snprintf (report, sizeof report,
            "An upsd/upsmon server is running on this port%s",
            get_encaps_through (trp));
  post_log (oid, desc, port, report);
}
1033 
1034 /*
1035  * From Andrew Yates <pilot1_ace@hotmail.com>
1036  *
1037  * 00: 63 6f 6e 6e 65 63 74 65 64 2e 20 31 39 3a 35 31 connected. 19:51
1038  * 10: 20 2d 20 4d 61 79 20 32 35 2c 20 32 30 30 33 2c - May 25, 2003,
1039  * 20: 20 53 75 6e 64 61 79 2c 20 76 65 72 3a 20 4c 65 Sunday, ver: Le
1040  * 30: 67 65 6e 64 73 20 32 2e 31 gends 2.1
1041  */
/*
 * Record a Sub7 trojan listener on `port`: register the service as "sub7"
 * and report it.  Unlike most handlers in this file the report goes
 * through post_alarm () rather than post_log ().  `buffer` is not read.
 */
static void
mark_sub7_server (struct arglist *desc, int port, char *buffer, int trp)
{
  char report[255];

  (void) buffer;
  register_service (desc, port, "sub7");
  snprintf (report, sizeof report,
            "The Sub7 trojan is running on this port%s",
            get_encaps_through (trp));
  post_alarm (oid, desc, port, report);
}
1051 
1052 
1053 /*
1054  * From "Alex Lewis" <alex@sgl.org.au>
1055  *
1056  * 00: 53 50 41 4d 44 2f 31 2e 30 20 37 36 20 42 61 64 SPAMD/1.0 76 Bad
1057  * 10: 20 68 65 61 64 65 72 20 6c 69 6e 65 3a 20 47 45 header line: GE
1058  * 20: 54 20 2f 20 48 54 54 50 2f 31 2e 30 0d 0d 0a T / HTTP/1.0...
1059  */
/*
 * Record a spamd (SpamAssassin) server on `port`: register the service as
 * "spamd" and post a log entry suffixed with the result of
 * get_encaps_through (trp).  `buffer` is not read here.
 */
static void
mark_spamd_server (struct arglist *desc, int port, char *buffer, int trp)
{
  char report[255];

  (void) buffer;
  register_service (desc, port, "spamd");
  snprintf (report, sizeof report,
            "a spamd server (part of spamassassin) is running on this port%s",
            get_encaps_through (trp));
  post_log (oid, desc, port, report);
}
1070 
1071 /* Thanks to Mike Blomgren */
/*
 * Record a QuickTime streaming server on `port`: register the service as
 * "quicktime-streaming-server" and post a log entry suffixed with the
 * result of get_encaps_through (trp).  `buffer` is not read here.
 */
static void
mark_quicktime_streaming_server (struct arglist *desc, int port, char *buffer,
                                 int trp)
{
  char report[255];

  (void) buffer;
  register_service (desc, port, "quicktime-streaming-server");
  snprintf (report, sizeof report,
            "a quicktime streaming server is running on this port%s",
            get_encaps_through (trp));
  post_log (oid, desc, port, report);
}
1083 
1084 /* Thanks to Allan <als@bpal.com> */
/*
 * Record a DameWare server on `port`: register the service as "dameware"
 * and post a log entry suffixed with the result of
 * get_encaps_through (trp).  `buffer` is not read here.
 */
static void
mark_dameware_server (struct arglist *desc, int port, char *buffer, int trp)
{
  char report[255];

  (void) buffer;
  register_service (desc, port, "dameware");
  snprintf (report, sizeof report,
            "a dameware server is running on this port%s",
            get_encaps_through (trp));
  post_log (oid, desc, port, report);
}
1094 
/*
 * Record a StoneGate authentication server on `port`: register the
 * service as "SG_ClientAuth" and post a log entry suffixed with the
 * result of get_encaps_through (trp).  `buffer` is not read here.
 */
static void
mark_stonegate_auth_server (struct arglist *desc, int port, char *buffer,
                            int trp)
{
  char report[255];

  (void) buffer;
  register_service (desc, port, "SG_ClientAuth");
  snprintf (report, sizeof report,
            "a StoneGate authentication server is running on this port%s",
            get_encaps_through (trp));
  post_log (oid, desc, port, report);
}
1106 
1107 
/*
 * Record a LISTSERV daemon on `port`: register the service as "listserv"
 * and post a log entry suffixed with the result of
 * get_encaps_through (trp).  `buffer` is not read here.
 * Note: this function has external linkage (no `static`).
 */
void
mark_listserv_server (struct arglist *desc, int port, char *buffer, int trp)
{
  char report[255];

  (void) buffer;
  register_service (desc, port, "listserv");
  snprintf (report, sizeof report,
            "A LISTSERV daemon seems to be running on this port%s",
            get_encaps_through (trp));
  post_log (oid, desc, port, report);
}
1120 
1121 
/*
 * Record a FsSniffer backdoor on `port`: register the service as
 * "FsSniffer" and report it through post_alarm () (not post_log ()).
 * `buffer` is not read here.  This function has external linkage.
 */
void
mark_fssniffer (struct arglist *desc, int port, char *buffer, int trp)
{
  char report[255];

  (void) buffer;
  register_service (desc, port, "FsSniffer");
  snprintf (report, sizeof report,
            "A FsSniffer backdoor seems to be running on this port%s",
            get_encaps_through (trp));
  post_alarm (oid, desc, port, report);
}
1134 
/*
 * Record a RemoteNC backdoor on `port`: register the service as
 * "RemoteNC" and post a log entry suffixed with the result of
 * get_encaps_through (trp).  `buffer` is not read here.  This function
 * has external linkage.
 *
 * NOTE(review): the other backdoor/trojan handlers in this file
 * (mark_sub7_server, mark_fssniffer) report through post_alarm (); this
 * one uses post_log (), so the finding may be less visible in a report.
 * Confirm whether the lower severity is intentional.
 */
void
mark_remote_nc_server (struct arglist *desc, int port, char *buffer, int trp)
{
  char report[255];

  (void) buffer;
  register_service (desc, port, "RemoteNC");
  snprintf (report, sizeof report,
            "A RemoteNC backdoor seems to be running on this port%s",
            get_encaps_through (trp));
  post_log (oid, desc, port, report);
}
1147 
1148 
1149 /* Do not use register_service for unknown and wrapped services! */
1150 
/*
 * Report a port whose peer closed the connection without sending data.
 * `delta` is printed as the number of seconds before the close.  The port
 * is logged and added under the KB key "Services/wrapped"; no call to
 * register_service () is made for it.
 */
static void
mark_wrapped_svc (struct arglist *desc, int port, int delta)
{
  char report[256];

  snprintf (report, sizeof report,
            "The service closed the connection after %d seconds "
            "without sending any data\n"
            "It might be protected by some TCP wrapper\n",
            delta);
  post_log (oid, desc, port, report);

  /*
   * Must stay plug_set_key (), not plug_replace_key () -- presumably so
   * that several wrapped ports can coexist under the same key (verify
   * against the plugutils implementation).
   */
  plug_set_key (desc, "Services/wrapped", ARG_INT, GSIZE_TO_POINTER (port));
}
1164 
/*
 * Map a TCP port number to the name of the service usually found there.
 *
 * Only services that this plugin can recognise are listed.  Returns a
 * pointer to a string literal, or NULL when the port is not in the table.
 * Port 1080 (SOCKS) is deliberately left out, as it was disabled with
 * `#if 0` in the switch this table replaces.
 */
static const char *
port_to_name (int port)
{
  static const struct
  {
    int number;
    const char *label;
  } usual_services[] = {
    {7, "Echo"},
    {19, "Chargen"},
    {21, "FTP"},
    {22, "SSH"},
    {23, "Telnet"},
    {25, "SMTP"},
    {37, "Time"},
    {70, "Gopher"},
    {79, "Finger"},
    {80, "HTTP"},
    {98, "Linuxconf"},
    {109, "POP2"},
    {110, "POP3"},
    {113, "AUTH"},
    {119, "NNTP"},
    {143, "IMAP"},
    {220, "IMAP3"},
    {443, "HTTPS"},
    {465, "SMTPS"},
    {563, "NNTPS"},
    {593, "Http-Rpc-Epmap"},
    {873, "Rsyncd"},
    {901, "SWAT"},
    {993, "IMAPS"},
    {995, "POP3S"},
    /* {1080, "SOCKS"}, -- disabled */
    {1109, "KPOP"},             /* ? */
    {2309, "Compaq Management Server"},
    {2401, "CVSpserver"},
    {3128, "Squid"},
    {3306, "MySQL"},
    {5000, "VTUN"},
    {5432, "Postgres"},
    {8080, "HTTP-Alt"},
  };
  size_t idx;

  for (idx = 0; idx < sizeof usual_services / sizeof usual_services[0]; idx++)
    {
      if (usual_services[idx].number == port)
        return usual_services[idx].label;
    }
  return NULL;
}
1244 
/*
 * Record a port whose service could not be identified.
 *
 * The port is added under "Services/unknown" and the banner is stored
 * under "unknown/banner/<port>".  When port_to_name () knows the port, a
 * log entry states which service it is usually reserved for; otherwise
 * nothing is logged.
 *
 * `banner` is stored as ARG_STRING after a cast to char *; presumably the
 * KB treats it as a NUL-terminated string, so a binary banner would be cut
 * at its first zero byte (TODO confirm).  It is data received from the
 * scanned host and should be treated as untrusted by KB consumers.
 */
static void
mark_unknown_svc (struct arglist *desc, int port, const unsigned char *banner, int trp)
{
  char scratch[1600];
  const char *usual_name;

  /* Do NOT use plug_replace_key for the port list! */
  plug_set_key (desc, "Services/unknown", ARG_INT, GSIZE_TO_POINTER (port));

  snprintf (scratch, sizeof scratch, "unknown/banner/%d", port);
  plug_replace_key (desc, scratch, ARG_STRING, (char *) banner);

  usual_name = port_to_name (port);
  if (usual_name == NULL)
    return;                     /* nothing useful to tell the user */

  snprintf (scratch, sizeof scratch,
            "An unknown service is running on this port%s.\n"
            "It is usually reserved for %s",
            get_encaps_through (trp), usual_name);
  post_log (oid, desc, port, scratch);
}
1266 
/*
 * Record a gnuserv instance on `port`: register the service as "gnuserv"
 * and post a fixed log message (no transport suffix).
 */
static void
mark_gnuserv (struct arglist *desc, int port)
{
  register_service (desc, port, "gnuserv");

  post_log (oid, desc, port,
            "gnuserv is running on this port");
}
1273 
/*
 * Record an ISS RealSecure instance on `port`: register the service as
 * "issrealsecure" and post a fixed log message (no transport suffix).
 */
static void
mark_iss_realsecure (struct arglist *desc, int port)
{
  register_service (desc, port, "issrealsecure");

  post_log (oid, desc, port,
            "ISS RealSecure is running on this port");
}
1280 
/*
 * Record a VMware authentication daemon on `port`: register the service
 * as "vmware_auth" and post a log entry that quotes `buffer`.
 *
 * `buffer` is printed with %s, so it must be a NUL-terminated string.
 * It is presumably the banner received from the scanned host (confirm at
 * the call site), i.e. remote-controlled text; snprintf () truncates the
 * whole report to sizeof report.
 */
static void
mark_vmware_auth (struct arglist *desc, int port, char *buffer, int trp)
{
  char report[512];

  register_service (desc, port, "vmware_auth");
  snprintf (report, sizeof report,
            "A VMWare authentication daemon is running on this port%s:\n%s",
            get_encaps_through (trp), buffer);
  post_log (oid, desc, port, report);
}
1293 
/*
 * Record an InterScan VirusWall on `port`: register the service as
 * "interscan_viruswall" and post a log entry that quotes `buffer`.
 *
 * `buffer` is printed with %s, so it must be a NUL-terminated string.
 * It is presumably the banner received from the scanned host (confirm at
 * the call site), i.e. remote-controlled text; snprintf () truncates the
 * whole report to sizeof report.
 */
static void
mark_interscan_viruswall (struct arglist *desc, int port, char *buffer, int trp)
{
  char report[512];

  register_service (desc, port, "interscan_viruswall");
  snprintf (report, sizeof report,
            "An interscan viruswall is running on this port%s:\n%s",
            get_encaps_through (trp), buffer);
  post_log (oid, desc, port, report);
}
1306 
/*
 * Record a PPP daemon on `port`: register the service as "pppd" and post
 * a log entry suffixed with the result of get_encaps_through (trp).
 * `buffer` is not read here.
 */
static void
mark_ppp_daemon (struct arglist *desc, int port, char *buffer, int trp)
{
  char report[512];

  (void) buffer;
  register_service (desc, port, "pppd");
  snprintf (report, sizeof report,
            "A PPP daemon is running on this port%s",
            get_encaps_through (trp));
  post_log (oid, desc, port, report);
}
1318 
/*
 * Record a zebra daemon (bgpd or zebrad) on `port`: register the service
 * as "zebra", store `buffer` in the KB under "zebra/banner/<port>", and
 * post a log entry suffixed with the result of get_encaps_through (trp).
 *
 * `buffer` is presumably the banner received from the scanned host
 * (confirm at the call site); consumers of the KB entry should treat it
 * as untrusted text.
 */
static void
mark_zebra_server (struct arglist *desc, int port, char *buffer, int trp)
{
  char kb_key[512];
  char report[512];

  register_service (desc, port, "zebra");

  snprintf (kb_key, sizeof kb_key, "zebra/banner/%d", port);
  plug_replace_key (desc, kb_key, ARG_STRING, buffer);

  snprintf (report, sizeof report,
            "A zebra daemon (bgpd or zebrad) is running on this port%s",
            get_encaps_through (trp));
  post_log (oid, desc, port, report);
}
1332 
/*
 * Record an IRCXPro administrative server on `port`: register the service
 * as "ircxpro_admin" and post a log entry suffixed with the result of
 * get_encaps_through (trp).  `buffer` is not read here.
 */
static void
mark_ircxpro_admin_server (struct arglist *desc, int port, char *buffer,
                           int trp)
{
  char report[512];

  (void) buffer;
  register_service (desc, port, "ircxpro_admin");
  snprintf (report, sizeof report,
            "An IRCXPro administrative server is running on this port%s",
            get_encaps_through (trp));
  post_log (oid, desc, port, report);
}
1346 
1347 
/*
 * Record a gnocatan game server on `port`: register the service as
 * "gnocatan" and post a log entry suffixed with the result of
 * get_encaps_through (trp).  `buffer` is not read here.
 */
static void
mark_gnocatan_server (struct arglist *desc, int port, char *buffer, int trp)
{
  char report[512];

  (void) buffer;
  register_service (desc, port, "gnocatan");
  snprintf (report, sizeof report,
            "A gnocatan game server is running on this port%s",
            get_encaps_through (trp));
  post_log (oid, desc, port, report);
}
1360 
1361 /* Thanks to Owell Crow */
/*
 * Record a PowerBroker master server on `port`: register the service as
 * "power-broker-master" and post a log entry that quotes `buffer`.
 *
 * `buffer` is printed with %s, so it must be a NUL-terminated string.
 * It is presumably the banner received from the scanned host (confirm at
 * the call site), i.e. remote-controlled text; snprintf () truncates the
 * whole report to sizeof report.
 */
static void
mark_pbmaster_server (struct arglist *desc, int port, char *buffer, int trp)
{
  char report[512];

  register_service (desc, port, "power-broker-master");
  snprintf (report, sizeof report,
            "A PowerBroker master server is running on this port%s:\n%s",
            get_encaps_through (trp), buffer);
  post_log (oid, desc, port, report);
}
1374 
1375 /* Thanks to Paulo Jorge */
/*
 * Record a dictd server on `port`: register the service and post a log
 * entry that quotes `buffer`.
 *
 * NOTE(review): the registered name is "dicts" while the report says
 * "dictd" -- confirm which spelling KB consumers expect.
 *
 * `buffer` is printed with %s, so it must be a NUL-terminated string.
 * It is presumably the banner received from the scanned host (confirm at
 * the call site), i.e. remote-controlled text; snprintf () truncates the
 * whole report to sizeof report.
 */
static void
mark_dictd_server (struct arglist *desc, int port, char *buffer, int trp)
{
  char report[512];

  register_service (desc, port, "dicts");
  snprintf (report, sizeof report,
            "A dictd server is running on this port%s:\n%s",
            get_encaps_through (trp), buffer);
  post_log (oid, desc, port, report);
}
1388 
1389 
1390 /* Thanks to Tony van Lingen */
/*
 * Record a Netsaint pNSClient.exe plugin on `port`: register the service
 * as "pNSClient" and post a log entry suffixed with the result of
 * get_encaps_through (trp).  `buffer` is not read here.
 */
static void
mark_pnsclient (struct arglist *desc, int port, char *buffer, int trp)
{
  char report[512];

  (void) buffer;
  register_service (desc, port, "pNSClient");
  snprintf (report, sizeof report,
            "A Netsaint plugin (pNSClient.exe) is running on this port%s",
            get_encaps_through (trp));
  post_log (oid, desc, port, report);
}
1403 
1404 /* Thanks to Jesus D. Munoz */
/*
 * Record a Veritas NetBackup service on `port`: register the service as
 * "VeritasNetBackup" and post a log entry suffixed with the result of
 * get_encaps_through (trp).  `buffer` is not read here.
 */
static void
mark_veritas_backup (struct arglist *desc, int port, char *buffer, int trp)
{
  char report[512];

  (void) buffer;
  register_service (desc, port, "VeritasNetBackup");
  snprintf (report, sizeof report,
            "VeritasNetBackup is running on this port%s",
            get_encaps_through (trp));
  post_log (oid, desc, port, report);
}
1415 
/*
 * Record a PowerBroker locald server on `port`: register the service and
 * post a log entry that quotes `buffer`.
 *
 * NOTE(review): the service is registered as "power-broker-master", the
 * same name mark_pbmaster_server () uses, although the report text says
 * "locald".  This looks like a copy/paste leftover; confirm before
 * changing it, since other plugins may key on the registered name.
 *
 * `buffer` is printed with %s, so it must be a NUL-terminated string.
 * It is presumably the banner received from the scanned host (confirm at
 * the call site), i.e. remote-controlled text; snprintf () truncates the
 * whole report to sizeof report.
 */
static void
mark_pblocald_server (struct arglist *desc, int port, char *buffer, int trp)
{
  char report[512];

  register_service (desc, port, "power-broker-master");
  snprintf (report, sizeof report,
            "A PowerBroker locald server is running on this port%s:\n%s",
            get_encaps_through (trp), buffer);
  post_log (oid, desc, port, report);
}
1428 
/*
 * Record a jabber daemon on `port`: register the service as "jabber" and
 * post a log entry suffixed with the result of get_encaps_through (trp).
 * `buffer` is not read here.
 */
static void
mark_jabber_server (struct arglist *desc, int port, char *buffer, int trp)
{
  char report[255];

  (void) buffer;
  register_service (desc, port, "jabber");
  snprintf (report, sizeof report,
            "jabber daemon seems to be running on this port%s",
            get_encaps_through (trp));
  post_log (oid, desc, port, report);
}
1439 
1440 
/*
 * Record an avotus 'mm' server on `port`: register the service as
 * "avotus_mm" and post a log entry that quotes `buffer`.
 *
 * `buffer` is printed with %s, so it must be a NUL-terminated string.
 * It is presumably the banner received from the scanned host (confirm at
 * the call site), i.e. remote-controlled text; snprintf () truncates the
 * whole report to sizeof report.
 */
static void
mark_avotus_mm_server (struct arglist *desc, int port, char *buffer, int trp)
{
  char report[512];

  register_service (desc, port, "avotus_mm");
  snprintf (report, sizeof report,
            "An avotus 'mm' server is running on this port%s:\n%s",
            get_encaps_through (trp), buffer);
  post_log (oid, desc, port, report);
}
1453 
/*
 * Record a SOCKS proxy on `port`.  `ver` is formatted with %d into both
 * the registered service name ("socks<ver>") and the log message.
 */
static void
mark_socks_proxy (struct arglist *desc, int port, int ver)
{
  char svc_name[256];
  char report[256];

  snprintf (svc_name, sizeof svc_name, "socks%d", ver);
  register_service (desc, port, svc_name);

  snprintf (report, sizeof report,
            "A SOCKS%d proxy is running on this port. ", ver);
  post_log (oid, desc, port, report);
}
1465 
/*
 * Record a Direct Connect hub on `port`: register the service as
 * "DirectConnectHub" and post a log entry suffixed with the result of
 * get_encaps_through (trp).
 */
static void
mark_direct_connect_hub (struct arglist *desc, int port, int trp)
{
  char report[256];

  register_service (desc, port, "DirectConnectHub");
  snprintf (report, sizeof report,
            "A Direct Connect Hub is running on this port%s",
            get_encaps_through (trp));
  post_log (oid, desc, port, report);
}
1477 
1478 /*
1479  * We determine if the 4 bytes we received look like a date. We
1480  * accept clocks desynched up to 3 years;
1481  *
1482  * MA 2002-09-09 : time protocol (RFC 738) returns number of seconds since
1483  * 1900-01-01, while time() returns nb of sec since 1970-01-01.
1484  * The difference is 2208988800 seconds.
1485  * By the way, although the RFC is imprecise, it seems that the returned
1486  * integer is in "network byte order" (i.e. big endian)
1487  */
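#define MAX_SHIFT (3*365*86400)
#define DIFF_1970_1900 2208988800U

/*
 * Decide whether the four bytes at `rtime` look like a time-protocol
 * reply close to the local clock.
 *
 * The bytes are decoded as a big-endian 32-bit count of seconds since
 * 1900-01-01, converted to the Unix epoch and compared with time ().
 * Returns 1 when the two differ by less than MAX_SHIFT seconds, else 0
 * (also 0 for a NULL pointer).
 *
 * Only four bytes are ever read, one byte at a time.  The parameter is
 * typed time_t * for the existing caller, which passes a banner of exactly
 * four bytes; dereferencing it as a time_t would read sizeof (time_t)
 * bytes -- past the end of that banner where time_t is 64 bits -- and
 * would depend on host alignment and byte order.  The arithmetic is done
 * in long long so that neither the epoch shift nor the comparison can
 * overflow a 32-bit int.
 */
static int
may_be_time (time_t * rtime)
{
#ifndef ABS
#define ABS(x) (((x) < 0) ? -(x):(x))
#endif
  const unsigned char *wire = (const unsigned char *) rtime;
  unsigned long secs1900;
  long long rt70, drift;
  time_t now;

  if (wire == NULL)
    return 0;

  /* Network byte order: most significant byte first. */
  secs1900 = ((unsigned long) wire[0] << 24)
             | ((unsigned long) wire[1] << 16)
             | ((unsigned long) wire[2] << 8)
             | (unsigned long) wire[3];

  now = time (NULL);
  rt70 = (long long) secs1900 - (long long) DIFF_1970_1900;
  drift = (long long) now - rt70;

  return (ABS (drift) < MAX_SHIFT) ? 1 : 0;
}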
1505 
1506 
1507 static int
1508 plugin_do_run (struct arglist *desc, struct arglist *h, int test_ssl)
1509 {
1510  char *head = "Ports/tcp/", *host_fqdn;
1511  u_short unknown[65535];
1512  int num_unknown = 0;
1513  int len_head = strlen (head);
1514 
1515  int rw_timeout = 20, cnx_timeout = 20, wrap_timeout = 20;
1516  int x, timeout;
1517  char *rw_timeout_s = get_plugin_preference (oid, RW_TIMEOUT_PREF);
1518  char *cnx_timeout_s = get_plugin_preference (oid, CNX_TIMEOUT_PREF);
1519  char *wrap_timeout_s = get_plugin_preference (oid, WRAP_TIMEOUT_PREF);
1520  unsigned char *p;
1521  fd_set rfds, wfds;
1522  struct timeval tv;
1523  char k[32], *http_get;
1524 #ifdef DEBUG
1525  struct host_info *hostinfo = arg_get_value (desc, "HOSTNAME");
1526  struct in_addr *p_ip = hostinfo->ip;
1527 #endif
1528 
1529  host_fqdn = plug_get_host_fqdn (desc);
1530  http_get = g_strdup_printf ("GET / HTTP/1.0\r\nHost: %s\r\n\r\n",
1531  host_fqdn);
1532  g_free (host_fqdn);
1533 
1534  if (rw_timeout_s != NULL && (x = atoi (rw_timeout_s)) > 0)
1535  rw_timeout = x;
1536  if (cnx_timeout_s != NULL && (x = atoi (cnx_timeout_s)) > 0)
1537  cnx_timeout = x;
1538  if (wrap_timeout_s != NULL && (x = atoi (wrap_timeout_s)) >= 0)
1539  wrap_timeout = x;
1540 
1541  bzero (unknown, sizeof (unknown));
1542 
1543  while (h && h->next)
1544  {
1545  if ((strlen (h->name) > len_head) && !strncmp (h->name, head, len_head))
1546  {
1547  int cnx;
1548  char *line;
1549  char *origline;
1550  int trp, i;
1551  char buffer[2049];
1552  unsigned char *banner = NULL, *bannerHex = NULL;
1553  int banner_len;
1554  int port = atoi (h->name + len_head);
1555  int flg = 0;
1556  int unindentified_service = 0;
1557  int three_digits = 0;
1558  int maybe_wrapped = 0;
1559  char kb[64];
1560  int get_sent = 0;
1561  struct timeval tv1, tv2;
1562  int diff_tv = 0, diff_tv2 = 0;
1563  int type, no_banner_grabbed = 0;
1564 
1565 #define DIFFTV1000(t1,t2) ((t1.tv_sec - t2.tv_sec)*1000 + (t1.tv_usec - t2.tv_usec)/1000)
1566 
1567  bzero (buffer, sizeof (buffer));
1568  banner_len = 0;
1569  snprintf (kb, sizeof (kb), "BannerHex/%d", port);
1570  bannerHex = plug_get_key (desc, kb, &type, 0);
1571  if (type == ARG_STRING && bannerHex != NULL && bannerHex[0] != '\0')
1572  {
1573  int i, c1, c2;
1574  banner_len = strlen ((char *) bannerHex) / 2;
1575  if (banner_len >= sizeof (buffer))
1576  banner_len = sizeof (buffer) - 1;
1577  for (i = 0; i < banner_len; i++)
1578  {
1579  c1 = bannerHex[2 * i];
1580  if (c1 >= 0 && c1 <= 9)
1581  c1 -= '0';
1582  else if (c1 >= 'a' && c1 <= 'f')
1583  c1 -= 'a';
1584  else if (c1 >= 'A' && c1 <= 'F')
1585  c1 -= 'A';
1586  else
1587  banner_len = 0; /* Invalid value */
1588  c2 = bannerHex[2 * i + 1];
1589  if (c2 >= 0 && c2 <= 9)
1590  c2 -= '0';
1591  else if (c2 >= 'a' && c2 <= 'f')
1592  c2 -= 'a';
1593  else if (c2 >= 'A' && c2 <= 'F')
1594  c2 -= 'A';
1595  else
1596  banner_len = 0; /* Invalid value */
1597  buffer[i] = c1 << 4 | c2;
1598  }
1599  buffer[i] = '\0';
1600  if (banner_len > 0)
1601  banner = (unsigned char *) buffer;
1602 #ifdef DEBUG
1604  ("find_service(%s): found hex banner in KB for port %d len=%d",
1605  inet_ntoa (*p_ip), port, banner_len);
1606 #endif
1607  }
1608  g_free (bannerHex);
1609  if (banner_len == 0)
1610  {
1611  snprintf (kb, sizeof (kb), "Banner/%d", port);
1612  banner = plug_get_key (desc, kb, &type, 0);
1613  if (banner)
1614  {
1615  banner_len = strlen ((char *) banner);
1616 #ifdef DEBUG
1618  ("find_service(%s): found banner in KB for port %d len=%d",
1619  inet_ntoa (*p_ip), port, banner_len);
1620 #endif
1621  }
1622  }
1623  if (banner_len > 0)
1624  {
1625 #ifdef DEBUG
1627  ("find_service(%s): banner is known on port %d -"
1628  " will not open a new connection", inet_ntoa (*p_ip), port);
1629 #endif
1630  cnx = -1;
1631  trp = OPENVAS_ENCAPS_IP;
1632  }
1633  else
1634  {
1635 #ifdef DEBUG
1637  ("find_service(%s): banner is unknown on port %d"
1638  " - connecting...", inet_ntoa (*p_ip), port);
1639 #endif
1640  if (banner != NULL)
1641  {
1642  g_free (banner);
1643  banner = NULL;
1644  }
1645  /* If test_ssl is set, try with TLS first. */
1646  if (test_ssl)
1648  else
1649  trp = OPENVAS_ENCAPS_IP;
1650  gettimeofday (&tv1, NULL);
1651  cnx = open_stream_connection (desc, port, trp, cnx_timeout);
1652  if (cnx < 0 && test_ssl)
1653  {
1654  trp = OPENVAS_ENCAPS_IP;
1655  gettimeofday (&tv1, NULL);
1656  cnx = open_stream_connection (desc, port, trp, cnx_timeout);
1657  }
1658  gettimeofday (&tv2, NULL);
1659  diff_tv = DIFFTV1000 (tv2, tv1);
1660  }
1661 
1662  if (cnx >= 0 || banner_len > 0)
1663  {
1664  int len, line_len;
1665  int realfd = -1;
1666 
1667  if (cnx >= 0)
1668  {
1669  realfd = openvas_get_socket_from_connection (cnx);
1670  snprintf (k, sizeof (k), "FindService/CnxTime1000/%d",
1671  port);
1672  plug_replace_key (desc, k, ARG_INT,
1673  GSIZE_TO_POINTER (diff_tv));
1674  snprintf (k, sizeof (k), "FindService/CnxTime/%d", port);
1675  plug_replace_key (desc, k, ARG_INT,
1676  GSIZE_TO_POINTER (((diff_tv +
1677  500) / 1000)));
1678  if (diff_tv / 1000 > cnx_timeout)
1679  plug_replace_key (desc, "/tmp/SlowFindService", ARG_INT,
1680  GSIZE_TO_POINTER (1));
1681  }
1682 #ifdef DEBUG
1684  ("find_service(%s): Port %d is open. \"Transport\" is %d",
1685  inet_ntoa (*p_ip), port, trp);
1686 #endif
1687  plug_set_port_transport (desc, port, trp);
1688  (void) stream_set_timeout (port, rw_timeout);
1689 
1690  if (IS_ENCAPS_SSL (trp))
1691  {
1692  char report[160];
1693  snprintf (report, sizeof (report),
1694  "A %s server answered on this port\n",
1695  get_encaps_name (trp));
1696  post_log (oid, desc, port, report);
1697  plug_set_key (desc, "Transport/SSL", ARG_INT,
1698  GSIZE_TO_POINTER (port));
1699  }
1700 
1701  len = 0;
1702  timeout = 0;
1703  if (banner_len > 0)
1704  {
1705  len = banner_len;
1706  if (banner != (unsigned char *) buffer)
1707  {
1708  if (len >= sizeof (buffer))
1709  len = sizeof (buffer) - 1;
1710  memcpy (buffer, banner, len);
1711  buffer[len] = '\0';
1712  }
1713  }
1714  else
1715  {
1716  snprintf (kb, sizeof (kb), "/tmp/NoBanner/%d", port);
1717  p = plug_get_key (desc, kb, &type, 0);
1718  if (p != NULL)
1719  {
1720  if (type == ARG_INT)
1721  no_banner_grabbed = GPOINTER_TO_SIZE (p);
1722  else if (type == ARG_STRING)
1723  no_banner_grabbed = atoi ((char *) p);
1724  }
1725  g_free (p);
1726 #ifdef DEBUG
1728  ("find_service(%s): no banner on port %d according to KB",
1729  inet_ntoa (*p_ip), port);
1730 #endif
1731 
1732  if (!no_banner_grabbed)
1733  {
1734 #ifdef SMART_TCP_RW
1735  if (trp == OPENVAS_ENCAPS_IP && realfd >= 0)
1736  {
1737  select_again:
1738  FD_ZERO (&rfds);
1739  FD_ZERO (&wfds);
1740  FD_SET (realfd, &rfds);
1741  FD_SET (realfd, &wfds);
1742 
1743  (void) gettimeofday (&tv1, NULL);
1744  tv.tv_usec = 0;
1745  tv.tv_sec = rw_timeout;
1746  x = select (realfd + 1, &rfds, &wfds, NULL, &tv);
1747  if (x < 0)
1748  {
1749  if (errno == EINTR)
1750  goto select_again;
1751  perror ("select");
1752  }
1753  else if (x == 0)
1754  timeout = 1;
1755  else if (x > 0)
1756  {
1757  if (FD_ISSET (realfd, &rfds))
1758  {
1759  len =
1760  read_stream_connection_min (cnx, buffer,
1761  1,
1762  sizeof (buffer) - 2);
1763  }
1764  }
1765  (void) gettimeofday (&tv2, NULL);
1766  diff_tv = DIFFTV1000 (tv2, tv1);
1767  }
1768  }
1769  else
1770  { /* No banner was found
1771  * by openvas_tcp_scanner */
1772 #ifdef DEBUG
1774  ("find_service(%s): no banner was found by"
1775  " openvas_tcp_scanner on port %d - sending GET"
1776  " without waiting", inet_ntoa (*p_ip), port);
1777 #endif
1778  len = 0;
1779  timeout = 0;
1780  }
1781 
1782  if (len <= 0 && !timeout)
1783 #endif
1784  {
1785 #ifdef DEBUG
1786  if (!no_banner_grabbed)
1788  ("No banner on port %d - sending GET", port);
1789 #endif
1791  strlen (http_get));
1792  (void) gettimeofday (&tv1, NULL);
1793  get_sent = 1;
1794  buffer[sizeof (buffer) - 1] = '\0';
1795  len =
1796  read_stream_connection (cnx, buffer,
1797  sizeof (buffer) - 1);
1798 #if 1
1799  /*
1800  * Try to work around broken
1801  * web server (or "magic
1802  * read" bug??)
1803  */
1804  if (len > 0 && len < 8
1805  && strncmp (buffer, "HTTP/1.", len) == 0)
1806  {
1807  int len2 =
1808  read_stream_connection (cnx, buffer + len,
1809  sizeof (buffer) - 1 -
1810  len);
1811  if (len2 > 0)
1812  len += len2;
1813  }
1814 #endif
1815  (void) gettimeofday (&tv2, NULL);
1816  diff_tv = DIFFTV1000 (tv2, tv1);
1817  }
1818  if (len > 0)
1819  {
1820  snprintf (k, sizeof (k), "FindService/RwTime1000/%d",
1821  port);
1822  plug_replace_key (desc, k, ARG_INT,
1823  GSIZE_TO_POINTER (diff_tv));
1824  snprintf (k, sizeof (k), "FindService/RwTime/%d", port);
1825  plug_replace_key (desc, k, ARG_INT,
1826  GSIZE_TO_POINTER ((diff_tv +
1827  500) / 1000));
1828  if (diff_tv / 1000 > rw_timeout)
1829  plug_replace_key (desc, "/tmp/SlowFindService",
1830  ARG_INT, GSIZE_TO_POINTER (1));
1831  }
1832  }
1833 
1834  if (len > 0)
1835  {
1836  banner = g_malloc0 (len + 1);
1837  memcpy (banner, buffer, len);
1838  banner[len] = '\0';
1839 
1840  for (i = 0; i < len; i++)
1841  buffer[i] = ( buffer[i] == '\0' ) ? 'x' : tolower (buffer[i]);
1842 
1843  line = g_strdup (buffer);
1844 
1845  if (strchr (line, '\n') != NULL)
1846  {
1847  char *t = strchr (line, '\n');
1848  t[0] = '\0';
1849  }
1850  if (isdigit (banner[0]) && isdigit (banner[1])
1851  && isdigit (banner[2]) && (banner[3] == '\0'
1852  || isspace (banner[3])
1853  || banner[3] == '-'))
1854  {
1855  /*
1856  * Do NOT use
1857  * plug_replace_key!
1858  */
1859  plug_set_key (desc, "Services/three_digits", ARG_INT,
1860  GSIZE_TO_POINTER (port));
1861  /*
1862  * Do *not* set
1863  * Known/tcp/<port> to
1864  * "three_digits": the
1865  * service must remain
1866  * "unknown"
1867  */
1868  three_digits = 1;
1869  }
1870  if (get_sent)
1871  snprintf (kb, sizeof (kb), "FindService/tcp/%d/get_http",
1872  port);
1873  else
1874  snprintf (kb, sizeof (kb),
1875  "FindService/tcp/%d/spontaneous", port);
1876  plug_replace_key (desc, kb, ARG_STRING, banner);
1877 
1878  {
1879  char buf2[sizeof (buffer) * 2 + 1];
1880  int y, flag = 0;
1881 
1882  strcat (kb, "Hex");
1883 
1884  if (len >= sizeof (buffer))
1885  len = sizeof (buffer);
1886 
1887  for (y = 0; y < len; y++)
1888  {
1889  snprintf (buf2 + 2 * y, sizeof (buf2) - (2 * y),
1890  "%02x", (unsigned char) banner[y]);
1891  if (banner[y] == '\0')
1892  flag = 1;
1893  }
1894  buf2[2 * y] = '\0';
1895  if (flag)
1896  plug_replace_key (desc, kb, ARG_STRING, buf2);
1897  }
1898 
1899  origline = g_strdup ((char *) banner);
1900  if (strchr (origline, '\n') != NULL)
1901  {
1902  char *t = strchr (origline, '\n');
1903  t[0] = '\0';
1904  }
1905  line_len = strlen (origline);
1906 
1907  /*
1908  * Many services run on the top of an HTTP protocol,
1909  * so the HTTP test is not an 'ELSE ... IF'
1910  */
1911  if ((!strncmp (line, "http/1.", 7) ||
1912  strstr ((char *) banner,
1913  "<title>Not supported</title>")))
1914  { /* <- broken hp
1915  * jetdirect */
1916  flg++;
1917  if (!
1918  (port == 5000
1919  && (strstr (line, "http/1.1 400 bad request") !=
1920  NULL))
1921  &&
1922  !(strncmp
1923  (line, "http/1.0 403 forbidden",
1924  strlen ("http/1.0 403 forbidden")) == 0
1925  && strstr (buffer, "server: adsubtract") != NULL))
1926  mark_http_server (desc, port, banner, trp);
1927 
1928  }
1929  /*
1930  * RFC 854 defines commands between 240 and 254
1931  * shouldn't we look for them too?
1932  */
1933  if (((u_char) buffer[0] == 255)
1934  && (((u_char) buffer[1] == 251)
1935  || ((u_char) buffer[1] == 252)
1936  || ((u_char) buffer[1] == 253)
1937  || ((u_char) buffer[1] == 254)))
1938  mark_telnet_server (desc, port, origline, trp);
1939  else if (((u_char) buffer[0] == 0)
1940  && ((u_char) buffer[1] == 1)
1941  && ((u_char) buffer[2] == 1)
1942  && ((u_char) buffer[3] == 0))
1943  mark_gnome14_server (desc, port, origline, trp);
1944  else
1945  if (strncmp
1946  (line, "http/1.0 403 forbidden",
1947  strlen ("http/1.0 403 forbidden")) == 0
1948  && strstr (buffer, "server: adsubtract") != NULL)
1949  {
1950  mark_locked_adsubtract_server (desc, port, banner, trp);
1951  }
1952  else if (strstr ((char *) banner, "Eggdrop") != NULL &&
1953  strstr ((char *) banner, "Eggheads") != NULL)
1954  mark_eggdrop_server (desc, port, origline, trp);
1955  else if (strncmp (line, "$lock ", strlen ("$lock ")) == 0)
1956  mark_direct_connect_hub (desc, port, trp);
1957  else if (len > 34 && strstr (&(buffer[34]), "iss ecnra"))
1958  mark_iss_realsecure (desc, port);
1959  else if (len == 4 && origline[0] == 'Q' && origline[1] == 0
1960  && origline[2] == 0 && origline[3] == 0)
1961  mark_fw1 (desc, port, origline, trp);
1962  else if (strstr (line, "adsgone blocked html ad") != NULL)
1963  mark_adsgone (desc, port, origline, trp);
1964  else if (strncmp (line, "icy 200 ok", strlen ("icy 200 ok"))
1965  == 0)
1966  mark_shoutcast_server (desc, port, origline, trp);
1967  else if ((!strncmp (line, "200", 3)
1968  &&
1969  (strstr
1970  (line, "running eudora internet mail server")))
1971  || (strstr (line, "+ok applepasswordserver") !=
1972  NULL))
1973  mark_pop3pw_server (desc, port, origline, trp);
1974  else
1975  if ((strstr (line, "smtp")
1976  || strstr (line, "simple mail transfer")
1977  || strstr (line, "mail server")
1978  || strstr (line, "messaging")
1979  || strstr (line, "Weasel"))
1980  && !strncmp (line, "220", 3))
1981  mark_smtp_server (desc, port, origline, trp);
1982  else if (strstr (line, "220 ***************") || strstr (line, "220 eSafe@")) /* CISCO SMTP (?) - see
1983  * bug #175 */
1984  mark_smtp_server (desc, port, origline, trp);
1985  else if (strstr (line, "220 esafealert") != NULL)
1986  mark_smtp_server (desc, port, origline, trp);
1987  else if (strncmp (line, "220", 3) == 0 &&
1988  strstr (line, "groupwise internet agent") != NULL)
1989  mark_smtp_server (desc, port, origline, trp);
1990  else if (strncmp (line, "220", 3) == 0
1991  && strstr (line, " SNPP ") != NULL)
1992  mark_snpp_server (desc, port, origline, trp);
1993  else if (strncmp (line, "200", 3) == 0 &&
1994  strstr (line, "mail ") != NULL)
1995  mark_smtp_server (desc, port, origline, trp);
1996  else if (strncmp (line, "421", 3) == 0
1997  && strstr (line, "smtp ") != NULL)
1998  mark_smtp_server (desc, port, origline, trp);
1999  else if ( line[0] != '\0' && ( ( strncmp (buffer + 1,"host '", 6) == 0) || ( strstr (buffer, "mysql") != NULL || strstr (buffer,"mariadb") != NULL ) ) )
2000  mark_mysql (desc, port, origline);
2001  else if (!strncmp (line, "efatal", 6)
2002  || !strncmp (line, "einvalid packet length",
2003  strlen ("einvalid packet length")))
2004  mark_postgresql (desc, port, origline);
2005  else if (strstr (line, "cvsup server ready") != NULL)
2006  mark_cvsupserver (desc, port, origline, trp);
2007  else if (!strncmp (line, "cvs [pserver aborted]:", 22) ||
2008  !strncmp (line, "cvs [server aborted]:", 21))
2009  mark_cvspserver (desc, port, origline, trp);
2010  else if (!strncmp (line, "cvslock ", 8))
2011  mark_cvslockserver (desc, port, origline, trp);
2012  else if (!strncmp (line, "@rsyncd", 7))
2013  mark_rsync (desc, port, origline, trp);
2014  else if ((len == 4) && may_be_time ((time_t *) banner))
2015  mark_time_server (desc, port, banner, trp);
2016  else if (strstr (buffer, "rmserver")
2017  || strstr (buffer, "realserver"))
2018  mark_rmserver (desc, port, origline, trp);
2019  else
2020  if ((strstr (line, "ftp") || strstr (line, "winsock")
2021  || strstr (line, "axis network camera")
2022  || strstr (line, "netpresenz")
2023  || strstr (line, "serv-u")
2024  || strstr (line, "service ready for new user"))
2025  && !strncmp (line, "220", 3))
2026  mark_ftp_server (desc, port, origline, trp);
2027  else if (strncmp (line, "220-", 4) == 0) /* FTP server with a
2028  * long banner */
2029  mark_ftp_server (desc, port, NULL, trp);
2030  else if (strstr (line, "220") && strstr (line, "whois+"))
2031  mark_whois_plus2_server (desc, port, origline, trp);
2032  else if (strstr (line, "520 command could not be executed"))
2033  mark_mon_server (desc, port, origline, trp);
2034  else if (strstr (line, "ssh-"))
2035  mark_ssh_server (desc, port, origline);
2036  else if (!strncmp (line, "+ok", 3)
2037  || (!strncmp (line, "+", 1)
2038  && strstr (line, "pop")))
2039  mark_pop_server (desc, port, origline);
2040  else if (strstr (line, "imap4")
2041  && !strncmp (line, "* ok", 4))
2042  mark_imap_server (desc, port, origline, trp);
2043  else if (strstr (line, "*ok iplanet messaging multiplexor"))
2044  mark_imap_server (desc, port, origline, trp);
2045  else if (strstr (line, "*ok communigate pro imap server"))
2046  mark_imap_server (desc, port, origline, trp);
2047  else if (strstr (line, "* ok courier-imap"))
2048  mark_imap_server (desc, port, origline, trp);
2049  else if (strncmp (line, "giop", 4) == 0)
2050  mark_giop_server (desc, port, origline, trp);
2051  else if (strstr (line, "microsoft routing server"))
2052  mark_exchg_routing_server (desc, port, origline, trp);
2053  /* Apparently an iPlanet ENS server */
2054  else if (strstr (line, "gap service ready"))
2055  mark_ens_server (desc, port, origline, trp);
2056  else if (strstr (line, "-service not available"))
2057  mark_tcpmux_server (desc, port, origline, trp);
2058  /*
2059  * Citrix sends 7f 7f 49 43 41, that
2060  * we converted to lowercase
2061  */
2062  else if (strlen (line) > 2 && line[0] == 0x7F
2063  && line[1] == 0x7F
2064  && strncmp (&line[2], "ica", 3) == 0)
2065  mark_citrix_server (desc, port, origline, trp);
2066 
2067  else if (strstr (origline, " INN ")
2068  || strstr (origline, " Leafnode ")
2069  || strstr (line, " nntp daemon")
2070  || strstr (line, " nnrp service ready")
2071  || strstr (line, "posting ok")
2072  || strstr (line, "posting allowed")
2073  || strstr (line, "502 no permission")
2074  || (strcmp (line, "502") == 0
2075  && strstr (line, "diablo") != NULL))
2076  mark_nntp_server (desc, port, origline, trp);
2077  else if (strstr (buffer, "networking/linuxconf")
2078  || strstr (buffer, "networking/misc/linuxconf")
2079  || strstr (buffer, "server: linuxconf"))
2080  mark_linuxconf (desc, port, banner);
2081  else if (strncmp (buffer, "gnudoit:", 8) == 0)
2082  mark_gnuserv (desc, port);
2083  else
2084  if ((buffer[0] == '0'
2085  && strstr (buffer, "error.host\t1") != NULL)
2086  || (buffer[0] == '3'
2087  && strstr (buffer,
2088  "That item is not currently available")))
2089  mark_gopher_server (desc, port);
2090  else
2091  if (strstr
2092  (buffer, "www-authenticate: basic realm=\"swat\""))
2093  mark_swat_server (desc, port, banner);
2094  else if (strstr (buffer, "vqserver") &&
2095  strstr (buffer, "www-authenticate: basic realm=/"))
2096  mark_vqserver (desc, port, banner);
2097  else if (strstr (buffer, "1invalid request") != NULL)
2098  mark_mldonkey (desc, port, banner);
2099  else if (strstr (buffer, "get: command not found"))
2100  mark_wild_shell (desc, port, origline);
2101  else if (strstr (buffer, "microsoft windows") != NULL &&
2102  strstr (buffer, "c:\\") != NULL &&
2103  strstr (buffer, "(c) copyright 1985-") != NULL &&
2104  strstr (buffer, "microsoft corp.") != NULL)
2105  mark_wild_shell (desc, port, origline);
2106  else if (strstr (buffer, "netbus"))
2107  mark_netbus_server (desc, port, origline);
2108  else if (strstr (line, "0 , 0 : error : unknown-error") ||
2109  strstr (line, "0, 0: error: unknown-error") ||
2110  strstr (line, "get : error : unknown-error") ||
2111  strstr (line, "0 , 0 : error : invalid-port"))
2112  mark_auth_server (desc, port, origline);
2113  else if (!strncmp (line, "http/1.", 7) && strstr (line, "proxy")) /* my proxy "HTTP/1.1
2114  * 502 Proxy Error" */
2115  mark_http_proxy (desc, port, banner, trp);
2116  else if (!strncmp (line, "http/1.", 7)
2117  && strstr (buffer, "via: "))
2118  mark_http_proxy (desc, port, banner, trp);
2119  else if (!strncmp (line, "http/1.", 7)
2120  && strstr (buffer, "proxy-connection: "))
2121  mark_http_proxy (desc, port, banner, trp);
2122  else if (!strncmp (line, "http/1.", 7)
2123  && strstr (buffer, "cache")
2124  && strstr (line, "bad request"))
2125  mark_http_proxy (desc, port, banner, trp);
2126 #if 0
2127  else if (strncmp (line, "http/1.", 7) == 0 &&
2128  strstr (buffer, "gnutella") != NULL)
2129  mark_gnutella_servent (desc, port, banner, trp);
2130 #endif
2131  else if (!strncmp (origline, "RFB 00", 6)
2132  && strstr (line, ".00"))
2133  mark_vnc_server (desc, port, origline);
2134  else if (!strncmp (line, "ncacn_http/1.", 13))
2135  mark_ncacn_http_server (desc, port, origline);
2136  else if (line_len >= 14 && /* no ending \r\n */
2137  line_len <= 18 && /* full GET request
2138  * length */
2139  strncmp (origline, http_get, line_len) == 0)
2140  mark_echo_server (desc, port);
2141  else if (strstr ((char *) banner, "!\"#$%&'()*+,-./")
2142  && strstr ((char *) banner, "ABCDEFGHIJ")
2143  && strstr ((char *) banner, "abcdefghij")
2144  && strstr ((char *) banner, "0123456789"))
2145  mark_chargen_server (desc, port);
2146  else if (strstr (line, "vtun server"))
2147  mark_vtun_server (desc, port, banner, trp);
2148  else if (strcmp (line, "login: password: ") == 0)
2149  mark_uucp_server (desc, port, banner, trp);
2150  else if (strcmp (line, "bad request") == 0 || /* See bug # 387 */
2151  strstr (line, "invalid protocol request (71): gget / http/1.0") || (strncmp (line, "lpd:", 4) == 0) || (strstr (line, "lpsched") != NULL) || (strstr (line, "malformed from address") != NULL) || (strstr (line, "no connect permissions") != NULL) || /* <- RH 8 lpd */
2152  strcmp (line, "bad request") == 0)
2153  mark_lpd_server (desc, port, banner, trp);
2154  else if (strstr (line, "%%lyskom unsupported protocol"))
2155  mark_lyskom_server (desc, port, banner, trp);
2156  else if (strstr (line, "598:get:command not recognized"))
2157  mark_ph_server (desc, port, banner, trp);
2158  else if (strstr (line, "BitTorrent prot"))
2159  mark_BitTorrent_server (desc, port, banner, trp);
2160  else if (banner[0] == 'A' && banner[1] == 0x01
2161  && banner[2] == 0x02 && banner[3] == '\0')
2162  mark_smux_server (desc, port, banner, trp);
2163  else
2164  if (!strncmp
2165  (line, "0 succeeded\n", strlen ("0 succeeded\n")))
2166  mark_LISa_server (desc, port, banner, trp);
2167  else if (strlen ((char *) banner) == 3 && banner[2] == '\n')
2168  mark_msdtc_server (desc, port, banner);
2169  else
2170  if ((!strncmp (line, "220", 3)
2171  && strstr (line, "poppassd")))
2172  mark_pop3pw_server (desc, port, origline, trp);
2173  else if (strstr (line, "welcome!psybnc@") != NULL)
2174  mark_psybnc (desc, port, origline, trp);
2175  else if (strncmp (line, "* acap ", strlen ("* acap ")) == 0)
2176  mark_acap_server (desc, port, origline, trp);
2177  else if (strstr (origline, "Sorry, you (") != NULL &&
2178  strstr (origline,
2179  "are not among the allowed hosts...\n") !=
2180  NULL)
2181  mark_nagiosd_server (desc, port, origline, trp);
2182  else if (strstr (line, "[ts].error") != NULL ||
2183  strstr (line, "[ts].\n") != NULL)
2184  mark_teamspeak2_server (desc, port, origline, trp);
2185  else if (strstr (origline, "Language received from client:")
2186  && strstr (origline, "Setlocale:"))
2187  mark_websm_server (desc, port, origline, trp);
2188  else if (strncmp (origline, "CNFGAPI", 7) == 0)
2189  mark_ofa_express_server (desc, port, origline, trp);
2190  else if (strstr (line, "suse meta pppd") != NULL)
2191  mark_smppd_server (desc, port, origline, trp);
2192  else
2193  if (strncmp
2194  (origline, "ERR UNKNOWN-COMMAND",
2195  strlen ("ERR UNKNOWN-COMMAND")) == 0)
2196  mark_upsmon_server (desc, port, origline, trp);
2197  else
2198  if (strncmp (line, "connected. ", strlen ("connected. "))
2199  == 0 && strstr (line, "legends") != NULL)
2200  mark_sub7_server (desc, port, origline, trp);
2201  else if (strncmp (line, "spamd/", strlen ("spamd/")) == 0)
2202  mark_spamd_server (desc, port, origline, trp);
2203  else if (strstr (line, " dictd ")
2204  && strncmp (line, "220", 3) == 0)
2205  mark_dictd_server (desc, port, origline, trp);
2206  else if (strncmp (line, "220 ", 4) == 0 &&
2207  strstr (line,
2208  "vmware authentication daemon") != NULL)
2209  mark_vmware_auth (desc, port, origline, trp);
2210  else if (strncmp (line, "220 ", 4) == 0 &&
2211  strstr (line, "interscan version") != NULL)
2212  mark_interscan_viruswall (desc, port, origline, trp);
2213  else if ((strlen ((char *) banner) > 1)
2214  && (banner[0] == '~')
2215  && (banner[strlen ((char *) banner) - 1] == '~')
2216  && (strchr ((char *) banner, '}') != NULL))
2217  mark_ppp_daemon (desc, port, origline, trp);
2218  else if (strstr ((char *) banner, "Hello, this is zebra ")
2219  != NULL)
2220  mark_zebra_server (desc, port, origline, trp);
2221  else if (strstr (line, "ircxpro ") != NULL)
2222  mark_ircxpro_admin_server (desc, port, origline, trp);
2223  else
2224  if (strncmp
2225  (origline, "version report",
2226  strlen ("version report")) == 0)
2227  mark_gnocatan_server (desc, port, origline, trp);
2228  else if (strncmp (origline, "RTSP/1.0", strlen ("RTSP/1.0"))
2229  && strstr (origline, "QTSS/") != NULL)
2230  mark_quicktime_streaming_server (desc, port, origline,
2231  trp);
2232  else if (strlen (origline) >= 2 && origline[0] == 0x30
2233  && origline[1] == 0x11 && origline[2] == 0)
2234  mark_dameware_server (desc, port, origline, trp);
2235  else if (strstr (line, "stonegate firewall") != NULL)
2236  mark_stonegate_auth_server (desc, port, origline, trp);
2237  else if (strncmp (line, "pbmasterd", strlen ("pbmasterd"))
2238  == 0)
2239  mark_pbmaster_server (desc, port, origline, trp);
2240  else if (strncmp (line, "pblocald", strlen ("pblocald")) ==
2241  0)
2242  mark_pblocald_server (desc, port, origline, trp);
2243  else
2244  if (strncmp
2245  (line, "<stream:error>invalid xml</stream:error>",
2246  strlen ("<stream:error>invalid xml</stream:error>"))
2247  == 0)
2248  mark_jabber_server (desc, port, origline, trp);
2249  else
2250  if (strncmp
2251  (line, "/c -2 get ctgetoptions",
2252  strlen ("/c -2 get ctgetoptions")) == 0)
2253  mark_avotus_mm_server (desc, port, origline, trp);
2254  else
2255  if (strncmp
2256  (line, "error:wrong password",
2257  strlen ("error:wrong password")) == 0)
2258  mark_pnsclient (desc, port, origline, trp);
2259  else
2260  if (strncmp (line, "1000 2", strlen ("1000 2"))
2261  == 0)
2262  mark_veritas_backup (desc, port, origline, trp);
2263  else
2264  if (strstr
2265  (line, "the file name you specified is invalid")
2266  && strstr (line, "listserv"))
2267  mark_listserv_server (desc, port, origline, trp);
2268  else
2269  if (strncmp
2270  (line, "control password:",
2271  strlen ("control password:")) == 0)
2272  mark_fssniffer (desc, port, origline, trp);
2273  else
2274  if (strncmp
2275  (line, "remotenc control password:",
2276  strlen ("remotenc control password:")) == 0)
2277  mark_remote_nc_server (desc, port, origline, trp);
2278  else
2279  if (((p =
2280  (unsigned char *) strstr ((char *) banner,
2281  "finger: GET: no such user"))
2282  != NULL
2283  && strstr ((char *) banner,
2284  "finger: /: no such user") != NULL
2285  && strstr ((char *) banner,
2286  "finger: HTTP/1.0: no such user") != NULL)
2287  || strstr ((char *) banner,
2288  "Login Name TTY Idle When Where")
2289  || strstr ((char *) banner, "Line User")
2290  || strstr ((char *) banner, "Login name: GET"))
2291  {
2292  char c = '\0';
2293  if (p != NULL)
2294  {
2295  while (p - banner > 0 && isspace (*p))
2296  p--;
2297  c = *p;
2298  *p = '\0';
2299  mark_finger_server (desc, port, p ? banner : NULL,
2300  trp);
2301  }
2302 
2303  if (p != NULL)
2304  *p = c;
2305  }
2306  else if (banner[0] == 5 && banner[1] <= 8 &&
2307  banner[2] == 0 && banner[3] <= 4)
2308  mark_socks_proxy (desc, port, 5);
2309  else if (banner[0] == 0 && banner[1] >= 90
2310  && banner[1] <= 93)
2311  mark_socks_proxy (desc, port, 4);
2312  else
2313  unindentified_service = !flg;
2314  g_free (line);
2315  g_free (origline);
2316  }
2317  /* len >= 0 */
2318  else
2319  {
2320 #ifdef DEBUG
2322  ("find_service(%s): could not read anything from port %d",
2323  inet_ntoa (*p_ip), port);
2324 #endif
2325  unindentified_service = 1;
2326 #define TESTSTRING "OpenVAS Wrap Test"
2327  if (trp == OPENVAS_ENCAPS_IP && wrap_timeout > 0)
2328 #if 0
2330  (cnx, TESTSTRING, sizeof (TESTSTRING) - 1) <= 0)
2331 #endif
2332  maybe_wrapped = 1;
2333  }
2334  if (cnx > 0)
2336 
2337  /*
2338  * I'll clean this later. Meanwhile, we will not print a silly message
2339  * for rsh and rlogin.
2340  */
2341  if (port == 513 /* rlogin */ || port == 514 /* rsh */ )
2342  maybe_wrapped = 0;
2343 
2344  if (maybe_wrapped /* && trp ==
2345  * OPENVAS_ENCAPS_IP &&
2346  wrap_timeout > 0 */ )
2347  {
2348  int nfd, fd, x, flag = 0;
2349  char b;
2350 
2351 #ifdef DEBUG
2353  ("find_service(%s): potentially wrapped service on port %d",
2354  inet_ntoa (*p_ip), port);
2355 #endif
2356  nfd =
2358  cnx_timeout);
2359  if (nfd >= 0)
2360  {
2362  select_again2:
2363  FD_ZERO (&rfds);
2364  FD_SET (fd, &rfds);
2365  tv.tv_sec = wrap_timeout;
2366  tv.tv_usec = 0;
2367 
2368  signal (SIGALRM, SIG_IGN);
2369 
2370  (void) gettimeofday (&tv1, NULL);
2371  x = select (fd + 1, &rfds, NULL, NULL, &tv);
2372  (void) gettimeofday (&tv2, NULL);
2373  diff_tv2 = DIFFTV1000 (tv2, tv1);
2374 #ifdef DEBUG
2376  ("find_service(%s): select(port=%d)=%d after"
2377  " %d.%03d s on %d", inet_ntoa (*p_ip), port, x,
2378  diff_tv2, diff_tv2 / 1000, wrap_timeout);
2379 #endif
2380  if (x < 0)
2381  {
2382  if (errno == EINTR)
2383  goto select_again2;
2384  perror ("select");
2385  }
2386  else if (x > 0)
2387  {
2388  errno = 0;
2389  x = recv (fd, &b, 1, MSG_DONTWAIT);
2390  if (x == 0 || (x < 0 && errno == EPIPE))
2391  {
2392  /*
2393  * If the service quickly closes the connection when we
2394  * send garbage but not when we don't send anything, it
2395  * is not wrapped
2396  */
2397  flag = 1;
2398  }
2399  }
2400  else
2401  {
2402  /*
2403  * Timeout - one last
2404  * check
2405  */
2406  errno = 0;
2407  if (send (fd, "Z", 1, MSG_DONTWAIT) < 0)
2408  {
2409  perror ("send");
2410  if (errno == EPIPE)
2411  flag = 1;
2412  }
2413  }
2415  if (flag)
2416  {
2417  if (diff_tv2 <= 2 * diff_tv + 1)
2418  {
2419  mark_wrapped_svc (desc, port, diff_tv2 / 1000);
2420  unindentified_service = 0;
2421  }
2422 #ifdef DEBUG
2423  else
2424  log_legacy_write ("\
2425 The service on port %s:%d closes the connection in %d.%03d s when we send garbage,\n\
2426 and in %d.%03d when we just wait. It is probably not wrapped", inet_ntoa (*p_ip), port, diff_tv / 1000, diff_tv % 1000, diff_tv2 / 1000, diff_tv2 % 1000);
2427 #endif
2428  }
2429  }
2430  }
2431 
2432  if (unindentified_service && port != 139 && port != 135
2433  && port != 445)
2434  /*
2435  * port 139 can't be marked as
2436  * 'unknown'
2437  */
2438  {
2439  unknown[num_unknown++] = port;
2440  /*
2441  * find_service_3digits will run
2442  * after us
2443  */
2444  if (!three_digits)
2445  mark_unknown_svc (desc, port, banner, trp);
2446  }
2447  g_free (banner);
2448  }
2449 #ifdef DEBUG
2450  else
2452  ("find_service(%s): could not connect to port %d",
2453  inet_ntoa (*p_ip), port);
2454 #endif
2455 
2456  }
2457  if (h)
2458  h = h->next;
2459  }
2460  g_free (http_get);
2461 
2462  return (0);
2463 }
2464 
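/* Upper bound on the number of worker processes ("sons") tracked below. */
#define MAX_SONS 128

/*
 * PIDs of the forked workers, shared between plugin_run_find_service() and
 * the two signal handlers.  A slot holding 0 is unused.
 */
static pid_t sons[MAX_SONS];

/*
 * SIGTERM handler: relay SIGTERM to every recorded worker, then terminate
 * immediately with _exit().
 *
 * Only positive entries are signalled: a non-positive pid would make kill()
 * address a whole process group or, for -1, every process the caller is
 * allowed to signal.
 *
 * s: signal number (unused).
 */
static void
sigterm (int s)
{
  int i;

  (void) s;
  for (i = 0; i < MAX_SONS; i++)
    {
      if (sons[i] > 0)
        kill (sons[i], SIGTERM);
    }
  _exit (0);
}

/*
 * SIGCHLD handler: make one non-blocking waitpid() call per table slot.
 *
 * errno is saved and restored because the interrupted code tests errno
 * right after select()/waitpid(), and waitpid() here may overwrite it.
 *
 * NOTE(review): empty slots are passed through unchanged, so waitpid() is
 * called with pid 0 and reaps any exited child of the caller's process
 * group, not only the recorded workers - confirm this is intended.
 *
 * s: signal number (unused).
 */
static void
sigchld (int s)
{
  int saved_errno = errno;
  int i;

  (void) s;
  for (i = 0; i < MAX_SONS; i++)
    {
      waitpid (sons[i], NULL, WNOHANG);
    }
  errno = saved_errno;
}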
2490 
/*
 * Relay one message from a worker's socket to the scanner socket.
 *
 * in:     descriptor the message is read from with internal_recv().
 * out:    descriptor the message is written to with internal_send().
 * sender: pid of the worker owning `in` (not used by this function).
 *
 * Returns 0 once a message was read and handed to internal_send(), -1 when
 * internal_recv() reports nothing usable (result <= 0).
 *
 * NOTE(review): the result of internal_send() is not checked, and the
 * receive buffer is only released on the success path - whether
 * internal_recv() can leave an allocation behind on failure is not visible
 * here.
 */
static int
fwd_data (int in, int out, pid_t sender)
{
  char *msg = NULL;
  int msg_sz = 0;
  int msg_type;

  if (internal_recv (in, &msg, &msg_sz, &msg_type) <= 0)
    return -1;

  internal_send (out, msg, msg_type);
  g_free (msg);
  return 0;
}
2507 
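/*
 * NASL builtin: identify the services behind every open TCP port.
 *
 * The open ports are read from the knowledge base ("Ports/tcp/<n>"), split
 * into up to MAX_SONS groups and each group is probed by a forked worker
 * running plugin_do_run().  Every worker talks to this process through its
 * own socketpair; this process forwards what it receives to the scanner
 * socket ("global_socket") until all workers are gone.
 *
 * lexic: NASL lexical context; supplies the script infos and the OID.
 *
 * Returns NULL in all cases.
 *
 * Changes against the previous version:
 *  - the result of fork() is kept in a local and only a real pid is written
 *    to sons[], so the signal handlers never see -1 in the table;
 *  - the parent end of the socketpair is closed when fork() fails, and
 *    argument lists left over after a socketpair() failure are released;
 *  - a worker closes the parent-side pipe ends of its older siblings;
 *  - the waitpid() retry loops test waitpid()'s own result instead of a
 *    possibly stale errno, and a worker counts as gone as soon as waitpid()
 *    no longer reports it running (kill(pid, 0) alone can be fooled by a
 *    recycled pid);
 *  - the NUM_CHILDREN preference is parsed with strtol().
 */
tree_cell *
plugin_run_find_service (lex_ctxt * lexic)
{
  struct arglist *desc = lexic->script_infos;

  oid = lexic->oid;

  kb_t kb = plug_get_kb (desc);
  struct kb_item *kbitem, *kbitem_tmp;

  struct arglist *sons_args[MAX_SONS];
  int sons_pipe[MAX_SONS][2];
  int num_ports = 0;
  char *num_sons_s = get_plugin_preference (oid, NUM_CHILDREN);
  int num_sons = 6;
  int port_per_son;
  int i;
  struct arglist *globals = arg_get_value (desc, "globals");
  int unix_sock = arg_get_value_int (globals, "global_socket");
  int test_ssl = 1;
  char *key = get_plugin_preference (oid, KEY_FILE);
  char *cert = get_plugin_preference (oid, CERT_FILE);
  char *pempass = get_plugin_preference (oid, PEM_PASS);
  char *cafile = get_plugin_preference (oid, CA_FILE);
  char *test_ssl_s = get_plugin_preference (oid, TEST_SSL_PREF);

  /* File-type preferences are translated to local file names; an empty
     preference means "not configured". */
  if (key && key[0] != '\0')
    key = (char *) get_plugin_preference_fname (desc, key);
  else
    key = NULL;

  if (cert && cert[0] != '\0')
    cert = (char *) get_plugin_preference_fname (desc, cert);
  else
    cert = NULL;

  if (cafile && cafile[0] != '\0')
    cafile = (char *) get_plugin_preference_fname (desc, cafile);
  else
    cafile = NULL;

  if (test_ssl_s != NULL)
    {
      if (strcmp (test_ssl_s, "None") == 0)
        test_ssl = 0;
    }

  /* If only one of key/certificate is given, the same file serves as both. */
  if (key || cert)
    {
      if (!key)
        key = cert;
      if (!cert)
        cert = key;
      plug_set_ssl_cert (desc, cert);
      plug_set_ssl_key (desc, key);
    }

  /*
   * The PEM password is handed on as a plain C string and everything set
   * here is inherited by each worker forked below.
   * NOTE(review): how plug_set_ssl_pem_password() stores the value, and
   * whether it is ever wiped, is not visible from this function.
   */
  if (pempass != NULL)
    plug_set_ssl_pem_password (desc, pempass);
  if (cafile != NULL)
    plug_set_ssl_CA_file (desc, cafile);

  signal (SIGTERM, sigterm);
  signal (SIGCHLD, sigchld);

  /* Preference values that are missing, non-numeric, out of range or not
     positive keep the default of 6; larger ones are capped at MAX_SONS. */
  if (num_sons_s != NULL)
    {
      char *end = NULL;
      long wanted;

      errno = 0;
      wanted = strtol (num_sons_s, &end, 10);
      if (errno == 0 && end != num_sons_s && wanted > 0)
        num_sons = wanted > MAX_SONS ? MAX_SONS : (int) wanted;
    }

  /* Start from a clean table: no worker, no argument list, no descriptor. */
  for (i = 0; i < MAX_SONS; i++)
    {
      sons[i] = 0;
      sons_args[i] = NULL;
      sons_pipe[i][0] = -1;
      sons_pipe[i][1] = -1;
    }

  if (kb == NULL)
    return NULL;                // TODO: in old days returned "1". Still relevant?

  kbitem = kb_item_get_pattern (kb, "Ports/tcp/*");

  /* count the number of open TCP ports */
  kbitem_tmp = kbitem;
  while (kbitem_tmp != NULL)
    {
      num_ports++;
      kbitem_tmp = kbitem_tmp->next;
    }

  port_per_son = num_ports / num_sons;

  /* The next two loops distribute the ports across a number of 'sons':
     first port_per_son ports for each son, then the remainder, one more
     port per son starting at the first. */
  kbitem_tmp = kbitem;

  for (i = 0; i < num_sons; i = i + 1)
    {
      int j;

      if (kbitem_tmp == NULL)
        break;

      for (j = 0; j < port_per_son && kbitem_tmp != NULL; j++)
        {
          if (sons_args[i] == NULL)
            sons_args[i] = g_malloc0 (sizeof (struct arglist));
          arg_add_value (sons_args[i], kbitem_tmp->name, kbitem_tmp->type,
                         NULL);
          kbitem_tmp = kbitem_tmp->next;
        }
    }

  for (i = 0; (i < num_ports % num_sons) && kbitem_tmp != NULL; i++)
    {
      if (sons_args[i] == NULL)
        sons_args[i] = g_malloc0 (sizeof (struct arglist));
      arg_add_value (sons_args[i], kbitem_tmp->name, kbitem_tmp->type, NULL);
      kbitem_tmp = kbitem_tmp->next;
    }

  kb_item_free (kbitem);

  /* Only sons that actually received ports are started. */
  for (i = 0; i < num_sons; i++)
    if (sons_args[i] == NULL)
      break;

  num_sons = i;

  for (i = 0; i < num_sons; i++)
    {
      pid_t pid;

      usleep (5000);
      if (sons_args[i] == NULL)
        continue;

      if (socketpair (AF_UNIX, SOCK_STREAM, 0, sons_pipe[i]) < 0)
        {
          perror ("socketpair ");
          break;
        }

      /* Keep fork()'s result out of sons[] until it is known to be a pid:
         the signal handlers read that table asynchronously. */
      pid = fork ();
      if (pid == 0)
        {
          int soc;
          int j;

          /* Worker: reset the KB link and the NVT cache connection after
             the fork, then replace the scanner socket by our end of the
             pair. */
          kb_lnk_reset (kb);
          nvticache_reset ();
          soc = arg_get_value_int (globals, "global_socket");
          close (sons_pipe[i][1]);
          /* Parent-side ends of older siblings are of no use here. */
          for (j = 0; j < i; j++)
            if (sons_pipe[j][1] >= 0)
              close (sons_pipe[j][1]);
          close (soc);
          soc = sons_pipe[i][0];
          arg_set_value (globals, "global_socket", GSIZE_TO_POINTER (soc));
          signal (SIGTERM, _exit);
          plugin_do_run (desc, sons_args[i], test_ssl);
          exit (0);
        }

      close (sons_pipe[i][0]);
      sons_pipe[i][0] = -1;
      if (pid < 0)
        {
          /* Fork failed: nobody will ever write to this pair. */
          close (sons_pipe[i][1]);
          sons_pipe[i][1] = -1;
        }
      else
        sons[i] = pid;

      arg_free (sons_args[i]);
      sons_args[i] = NULL;
    }

  /* After a socketpair() failure some argument lists were never used. */
  for (i = 0; i < num_sons; i++)
    {
      if (sons_args[i] != NULL)
        {
          arg_free (sons_args[i]);
          sons_args[i] = NULL;
        }
    }

  /* Forward worker output until no worker is left. */
  for (;;)
    {
      int flag = 0;             /* number of workers still running */
      fd_set rd;
      struct timeval tv;
      int max_fd = -1;
      int e;

      /* NOTE(review): descriptors are not checked against FD_SETSIZE
         before FD_SET(). */
      FD_ZERO (&rd);
      for (i = 0; i < num_sons; i++)
        {
          if (sons[i] != 0 && (sons_pipe[i][1] >= 0))
            {
              FD_SET (sons_pipe[i][1], &rd);
              if (sons_pipe[i][1] > max_fd)
                max_fd = sons_pipe[i][1];
            }
        }

    again:
      tv.tv_usec = 100000;
      tv.tv_sec = 0;
      e = select (max_fd + 1, &rd, NULL, NULL, &tv);
      if (e < 0 && errno == EINTR)
        goto again;

      if (e > 0)
        {
          for (i = 0; i < num_sons; i++)
            {
              if (sons[i] != 0 && sons_pipe[i][1] >= 0
                  && FD_ISSET (sons_pipe[i][1], &rd) != 0)
                {
                  if (fwd_data (sons_pipe[i][1], unix_sock, sons[i]) < 0)
                    {
                      /* Nothing more to read: drop this worker. */
                      close (sons_pipe[i][1]);
                      sons_pipe[i][1] = -1;
                      while (waitpid (sons[i], NULL, WNOHANG) < 0
                             && errno == EINTR)
                        ;
                      sons[i] = 0;
                    }
                }
            }
        }

      for (i = 0; i < num_sons; i++)
        {
          pid_t reaped;

          if (sons[i] == 0)
            continue;

          do
            reaped = waitpid (sons[i], NULL, WNOHANG);
          while (reaped < 0 && errno == EINTR);

          /* waitpid() yields 0 only while the worker is still running; any
             other result means it was reaped here or by the SIGCHLD
             handler. */
          if (reaped != 0 || kill (sons[i], 0) < 0)
            {
              fwd_data (sons_pipe[i][1], unix_sock, sons[i]);
              close (sons_pipe[i][1]);
              sons_pipe[i][1] = -1;
              sons[i] = 0;
            }
          else
            flag++;
        }

      if (flag == 0)
        break;
    }

  return NULL;
}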